Tuesday, November 17, 2015

The encryption of Windows Bitlocker could be decoded in seconds

The Bitlocker hard disk encryption software, very popular in Windows systems, don’t encrypt the data as safely as we think: an easy trick allows to hack it and that’s why Microsoft corrected it so quickly, in its last security update. We´ll also talk today about the controversy about how much the encryption helped terrorists in Paris, we’ll discover so many failures of one of the more used software platforms in the corporate world and we’ll know finally if it is safe to log in a website using our Facebook credentials.

Microsoft has patched a vulnerability which allowed attackers with physic access to our PC or laptop to reach our encrypted data using the Bitlocker tool. Ian Haken, from Synopsys company, published the last week his research, which uses a fake domain server to get the passwords of encryption, saved in the cache by Windows. A few weeks ago, were discovered failures in other encryption data program for Windows, TrueCrypt.

Demonizing encryption
Talking about encryption, we introduce to yo a note about the great discussion of the moment, very predictable in any case: according to some authorities, the terrorists of Paris would use encrypted mailing apps for their communications, like Telegram. Which is an argument for the defenders of the backdoors and the minimum use of encryption by population, as well as the people who attacks to Edward Snowden as propagandist number one of the use of encryption. The controversy has arrived to the “New York Times”. Very predictable, as we said.

Another thing which didn’t surprised us and is a great danger are the multiple holes discovered daily in the software platform used by the 85% of Fortune 2000 of gas and oil producers. We are talking about SAP. One of the presentations of the Black Hat Europe convention, celebrated the past week, warned about the dangers of the many vulnerabilities in SAP, which could led to sabotage acts, fraud or cuts in the production line. Along the software holes, many of them solved by SAP, the researchers discovered too serious software misconfigurations.

Log in with Facebook?
And we finish with a topic that maybe had created doubts to our readers, like it created doubts to us too: when we access to a service which allows log in with our Facebook credentials, Is it safe doing it or not? The company F-Secure has published an interesting test where they expose the pros and cons of the log in via Facebook. Conclusion: the Facebook log system is safe and you can use it in normal services, but it’s better to create our own credentials in critical services.

An that was our daily summary, in a week where we found interesting news in social networks, searching among the general emotion caused by the attacks of Paris.


Post a Comment