BitLocker Drive Encryption is a data protection feature that is included in Microsoft’s Enterprise and Ultimate editions of Vista. BitLocker provides AES encryption for the entire OS volume.
NASA is concerned about a loophole that exists in BitLocker that could allow a malicious user to access data from a stolen computer or laptop despite the BitLocker encryption if the system is put into sleep mode.
BitLocker is a new and well-publicized feature of Windows Vista intended to protect data on machines in the case that they are physically compromised. BitLocker encrypts an entire Windows volume and prevents access through a secure startup feature bound to either an existing Trusted Platform Module (TPM) or to a removable USB key. BitLocker has some limited effects on performance and data corruption. Further, it affects typical “imaging” software in a way that may cause difficulties for larger operations. It has also been advertised as a more efficient way to perform data destruction, a claim which we investigate. Currently shipping PCs, especially from Dell, do not allow analysts to test the TPM features due to insufficient support in BIOS, but the basic functionality can be tested with USB keys, and no major problems have been identified.
From sewpsc.sewp.nasa.gov
I said it before and I’ll be saying it again… reinstall XP, or if you are due for a new computer try to get one with XP, buy a Mac, or try Ubuntu.