According to iViZ, encrypting a hard drive is no longer enough protection. The firm says that it discovered a new class of vulnerability at Defcon 16 security conference that allows hackers to steal boot passwords and bypass the security of pre-boot authentication software.

The vulnerability allows hackers to bypass encryption software. iViz says that it has already briefed vendors like Microsoft, Intel, and HP on the vulnerability.

"Surprisingly, this vulnerability has been existing for 25 years," says Jonathan Brossard, iViZ lead security researcher and discoverer of this vulnerability. "Programmers unaware of this security hole have coded boot password feature in such a way that user entered text do not get flushed from memory properly leading to inadvertent leakage and theft. Even hard-drive encryption does not help in this case," adds Mr. Brossard. This vulnerability affects Microsoft Bitlocker on the latest TPM (but not Vista SP1), Truecrypt, Intel/HP BIOS and several others.

Via IvIz