IViZ Announces New Class Of PC Vulnerability

Posted: Aug 26 2008, 2:00pm CDT | by , Updated: Aug 11 2010, 10:16am CDT, in News | Other Stuff

 

/* Story Top Left 2010 300x250, created 7/15/10 */ google_ad_slot = "8340327155";
 

Buy This Now On Amazon

According to iViZ, encrypting a hard drive is no longer enough protection. The firm says that it discovered a new class of vulnerability at Defcon 16 security conference that allows hackers to steal boot passwords and bypass the security of pre-boot authentication software.

The vulnerability allows hackers to bypass encryption software. iViz says that it has already briefed vendors like Microsoft, Intel, and HP on the vulnerability.

"Surprisingly, this vulnerability has been existing for 25 years," says Jonathan Brossard, iViZ lead security researcher and discoverer of this vulnerability. "Programmers unaware of this security hole have coded boot password feature in such a way that user entered text do not get flushed from memory properly leading to inadvertent leakage and theft. Even hard-drive encryption does not help in this case," adds Mr. Brossard. This vulnerability affects Microsoft Bitlocker on the latest TPM (but not Vista SP1), Truecrypt, Intel/HP BIOS and several others.

Via IvIz

This story may contain affiliate links.

Comments

The Author

<a href="/latest_stories/all/all/3" rel="author">Shane McGlaun</a>
Tech and Car expert Shane McGlaun (Google) reports about what's new in these two sectors. His extensive experience in testing cars, computer hardware and consumer electronics enable him to effectively qualify new products and trends. If you want us review your product, please contact Shane.
Shane can be contacted directly at shane@i4u.com.

 

 

Advertisement

comments powered by Disqus