Post · bonfire.cafe

@0xabad1dea@infosec.exchange · 9 hours ago

RE: https://cyberplace.social/@GossiTheDog/116565662607962457

The chill I got when I downloaded the repo and realized the “exploit” was a zero byte file with a magic filename…

The charitable interpretation is that Microsoft accidentally shipped an internal test build to global production. The less charitable one isn’t very pleasant

Kevin Beaumont

@GossiTheDog@cyberplace.social · 15 hours ago

So I’ve just had a quick play with this and yes, it works. Essentially BitLocker has a backdoor. https://github.com/Nightmare-Eclipse/YellowKey

Mitigation = BitLocker PIN and BIOS password lock.

Carlos Solís

@csolisr@hub.azkware.net · 7 hours ago

I already went through the hassle of configuring my laptop to get secure boot and encryption on my Windows and Linux partitions, and then I learned the NTFS encryption key gets automatically submitted to Microsoft so decrypting it is as easy as stealing my Outlook account. I'm yet to rekey my hard drive with a local-only key, as I fear I'd have to format and reinstall. Does this exploit make local-only keys equally unsafe, too?