Switchfast Blog - The Future of IT

Microsoft Claims BitLocker Security Hole is Only Dangerous in “Highly Unlikely Situations”

Wednesday, December 09, 2009 by Michael Holley

Ever since German security company, Fraunhofer SIT, published a paper outlining a vulnerability in Microsoft's BitLocker encryption application, Microsoft has received intense pressure from the blog community to comment. On Monday, the public got its comments via the official Windows Security Blog.

Microsoft's Paul Cooke downplayed the "vulnerability" significantly, stating that the claim is not even really a flaw in BitLocker, but a way to circumvent the OS's security altogether. Furthermore, users would only be at risk in situations that are highly unlikely to occur in the real world, since a hacker would have to gain physical access to a user's computer on two separate occasions in order to exploit the system. Essentially, Cooke is claiming that the exploit is both highly unlikely to occur, and that if it did, it's taking advantage of something that BitLocker was never designed to protect in the first place.

That being said, Cooke does acknowledge that the German discovery is a legitimate concern, if on a small scale, and represents another reason why despite the security advances Microsoft has made, everyone still needs to take security precautions on their own, both through educated caution and third-party software.

"Even with the great enhancements made in Windows 7 such as BitLocker To Go, it still remains that BitLocker alone is not a complete security solution. IT professionals as well as users must be diligent when protecting IT resources and the best protection against these sorts of targeted attacks requires more than just technology: it requires end user education and physical security also play important roles."

You can read the original blog post here.

Best,

Switchfast Technologies
Chicago IT Support & Consulting
Rochester IT Support & Consulting

Leave comment:

• Archives

  • 2010
    • March (7)
      • Mac Continues to Invade Enterprise
      • The Internet Browser Revolution
      • Enterprise Wants a Piece of Windows 7 Growth
      • Search Engine Giant Google Fails its Own Test, Offers its SEO Pointers
      • Excited About Windows Phone 7? More Details Coming Soon
      • While Office 2010 Gets a Launch Date, Google has its Sights on Enterprise with Chrome OS
      • Beware: Counterfeit Intel Processors
      • Technology Adjusting to Success of Small-to-Midsize Businesses
    • February (19)
      • Microsoft Azure Platform Opens to Public
      • Would It Benefit Your CIO to Blog?
      • Breaking Through the Condescending IT Image
      • Beware: Rogue iPhone Apps that Steal Data
      • On the Right Track: IE 8 World’s Most-Used Browser
      • The Dangers of Using a Public Wi-Fi Network
      • Build a Strong Brand alongside a Booming Business
      • TLS/SSL Flaw Found in Windows
      • Can Your Company Benefit from Google Buzz?
      • Windows Patch Tuesday Update Producing Blue Screen
      • Can IT Boost Your PowerPoint Creativity?
      • Free Version of BlackBerry Enterprise Server Coming Soon
      • Firefox Poised to Penetrate IE Stronghold as Primary Enterprise Browser
      • Adobe Issues Out-of-Band PDF Updates
      • Google Buzz May Be Black Hat SEO Haven
      • Microhoo is Official, but Don’t Expect Changes Quickly
      • Small Business Blogging: Benefits and Drawbacks
      • Social Media Thrives On Small Business Innovations
      • Adobe Releases Critical Security Update for Download Manager
      • WiMAX & LTE Networks Bringing VoIP into Big Picture
      • Creating a Smartphone Application – For Enterprise Use
      • Three Big Reasons to Take a Minute to Upgrade Your Browser
    • January (9)
      • Microsoft Announces Pricing for Office 2010
      • Keep an Eye Out for Microsoft Windows Patch this Tuesday
      • Microsoft Announces IE Security Hole Believed to be Involved in Google Attacks
      • FireFox 3.6 RC2 Released Sunday
      • Will 2010 Bring "Hybrid Clouds" ?
      • Microsoft Investigates Internet Explorer Flaw - Again
      • IT Spending to Increase in 2010
      • Why Your Social Media Image Matters – Especially for SEO/SEM
      • Windows Mobile 7 Demo to Appear Next Month
      • The iPad - How Will 'it' Affect IT?
      • To Enterprise or Not - Tech Analysts Split on iPad
      • Google Sets Sights on Enterprise Version of Nexus One
      • Beware: Latest Search Malware Threat – ‘Apple iPad’
  • 2009
    • December (10)
      • Beware: Top Ten Riskiest Domains
      • Important Microsoft IE Security Update Coming Tuesday
      • Copenhagen Climate Talks Spawn Flurry of Positive Green Tech Activity
      • Microsoft Claims BitLocker Security Hole is Only Dangerous in “Highly Unlikely Situations”
      • Beware: Koobface.GK “Christmas Worm”
      • Last-Minute Holiday Gift Deals
      • Mozilla Releases Important Security Update for Firefox
      • Entrepreneurs: Internet Usage Still Somehow Continues to Climb
      • Nexus One ‘Google Phone’ Expected at January 5th Android Event
      • McAfee says Adobe Will be a Bigger Hacker Target than Microsoft in 2010
    • November (13)
      • Microsoft Opens World-Class Data Center on Chicago's Outskirts
      • Reminder: New Chicago Area Code to be Active on November 7
      • Latest T-Mobile Outage is Fixed
      • Windows 7 is More Secure, but You Still Need Antivirus
      • Attention eCommerce: Reliable Search can Aid Conversion Rates
      • Apple Releases Snow Leopard Update v10.6.2
      • Google Maps Launches Flu Shot Finder
      • Upgrading Obsolete Systems can Save Huge Amounts of Money, but Do Your Research First
      • Next Generation Collaborative Tools are Changing How We Interact
      • Let Switchfast Help with Holiday Shopping!
      • Verizon Doubles Early-Termination Fee for Smartphones
      • Beware: Dangerous iPhone Worm
      • Future of the Internet Browser: Speed is King
    • October (12)
      • Use Copyscape to Protect your Reputation with Google
      • Non-Profits: Upgrade to Windows 7 for free through TechSoup
      • Beware Keylogging: The Latest Phishing Fad
      • Beware "Chicago Marathon 2009 Results" Malware
      • Good SEO Takes Time, but the Results are Well Worth the Wait
      • Google’s Postini Outage Affects Many United States Users, Now Resolved
      • MicroStrategy Offers Free Business Intelligence Software
      • Windows 7 is Imminent, the Internet is Buzzing
      • Lifehacker posts Master List of Windows 7 Shortcuts
      • ICANN to bring non-English web addresses to the internet in 2010
      • Smartphone sales to surpass laptop sales by 2012
      • Free Software Scans Twitter Links for Malware
    • September (10)
      • Gmail Outage Blamed on a Capacity Calculation Error
      • SEO vs. Yellow Pages: Times are Changing
      • Exchange 2007 Support May be Snow Leopard’s Killer Feature
      • eMarketer: SMBs Prefer Digital Media Over Traditional Media
      • Workplace Computers: To Lockdown or Not to Lockdown?
      • Non-Profits Gain Free Revenue through GoodSearch
      • SANS Institute: Unpatched Software is Top Security Risk Worldwide
      • IE Now with HTML5 Compatibility, Thanks to Google
      • Microsoft CEO Steve Ballmer on the "New Normal"
      • Microsoft Offers Free AntiVirus Software
    • August (10)
      • Microsoft Office 2010: What We Know So Far
      • XP Mode: Killer App for Windows 7 Enterprise Adoption?
      • Google, Apple release helpful software updates
      • Is Google’s “Caffeine” a game-changer for SEO?
      • “Hot Content” like Erin Andrews Video Used as Bait for Malware
      • Non-Profits Should Look to Search Engines for Affordable Donor Generation
      • Windows Server 2008 R2 Released to Software Assurance Subscribers
      • Apple to Release Snow Leopard on Friday (8/28)
      • European ‘Cyber-gangs’ targeting small to medium-sized businesses
      • Snow Leopard Not as Secure as Advertised?
    • July (15)
      • Three easy habits to keep your system up and running
      • Be careful what you tweet!
      • Workaround for Microsoft ActiveX Security Vulnerability for IE6 and IE7
      • As a source of customers, the internet has become impossible to ignore
      • Microsoft to release security patches for DirectX/ActiveX on Tuesday (7/14)
      • Microsoft to release Windows 7 to Businesses on September 1st
      • Non-Profits can gain a major edge using a CMS
      • Why you need to be archiving your email right now
      • Google’s Q2 revenue tells us where opportunity lies
      • Service Pack 2 to be released for Office 2008 for Macintosh today
      • Thanks to everyone who stopped by the Switchfast booth at the City of Chicago Treasurer’s Small Business Expo!
      • How to use social media to bring business on no budget
      • Why every organization should utilize an electronic document management tool
      • Microhoo: Microsoft and Yahoo finally agree on a search partnership
      • Beware Rogueware: Fake security software that is becoming big business
    • June (14)
      • Beware: Gumblar virus
      • Spam can be more than just annoying
      • Can Microsoft’s Bing threaten Google's dynasty?
      • Non-Profits should take advantage of free/cheap technology to stay competitive and relevant
      • Green technology isn’t going anywhere but up
      • Rapid growth in mobile technology is changing the face of business
      • High tech lighting can save up to 40%
      • Clearwire to launch 4G WiMax in Chicago this summer
      • A close look reveals unique pricing opportunities for MS Office
      • Windows 7 just around the corner, presale details leaked
      • Nortel sells wireless business, further signals change in telecom landscape
      • Economic downturn has been catalyst for SMB adoption of managed services
      • Another "No Backup" Horror Story
      • Cisco claims big internal savings through telecommuting
    • May (13)
      • Microsoft says that IT is "firmly entrenched as a strategic asset" among small to medium businesses
      • Uncontrollable environmental conditions make the ability to work remotely a powerful tool
      • Plane crash victim escapes with his life and his critical data
      • Sometimes small changes make a big difference
      • Aging hardware can be much costlier to keep than to replace
      • SF Giants: Low maintenance costs and an able feature set prove to be big cost-savers with new VoIP system
      • Quick fix for Internet Explorer 8 crashing with faulting module urlmon.dll
      • Beware Unreliable and Inefficient Data Security Solutions
      • Recent influx of Phishing scams demands caution from internet users
      • Agile Software Development divides big projects into manageable, budget-friendly chunks
      • Lower-priced Windows 7 licenses for netbooks will have maximum spec limit
      • Google: "The Web has won"
      • Good economic news means now is the time to make changes
    • April (3)
      • Instead of Sacrificing Your Assets, Streamline Them
      • Mac Users Should be Aware that Security Threats are Growing
      • Big Microsoft discounts available through May
    • March (1)
      • Going Green Means Saving Green ($$$)