YellowKey reportedly works in Windows 11, Windows Server 2022 and 2025, but not in Windows 10.

  • flop_leash_973@lemmy.world
    ↑ 4 · 31 minutes ago

    Finally, some good news. Now I can stop having to interact with my company's shitty outsourced service desk when I need a BitLocker key.

  • Squizzy@lemmy.world
    ↑ 1 · 37 minutes ago

    I contacted my IT support after some suspicious activity - my screen being on in the middle of the night, etc. - and they said it was an update that they pushed and the type of update bypassed BitLocker to return to where I was, which sounded like BS but they are IT so…

      • massacre@lemmy.world
        ↑ 1 · 25 minutes ago

        It was very likely compromised by NSA requiring a backdoor or weakened encryption that could be cracked by the US. There’s a long story that’s pretty interesting if you want to hit the rabbit hole

  • SleeplessCityLights@programming.dev
    ↑ 17 ↓ 1 · 3 hours ago

    BitLocker is basically malware, so who fucking cares. Far more people have it accidentally on and get locked out than people that have purposefully activated it.

    • Squizzy@lemmy.world
      ↑ 1 · 36 minutes ago

      You have just reminded me I could use this on the laptop my mother set up like five years ago and immediately forgot the password for.

      • SleeplessCityLights@programming.dev
        ↑ 2 · 51 minutes ago

        When I worked at an MSP, BitLocker cost companies thousands of dollars when it did something strange. User error has very catastrophic consequences with BitLocker and nobody that actually cares about security uses BitLocker. From my professional experience it is malware. The places where I have seen it used on purpose was because of policy bullshit and everyone agreed that it was a hindrance rather than an advantage.

    • computler@lemdro.id
      ↑ 1 ↓ 2 · 38 minutes ago

      Temu is, as Chinese netizens will tell you, full of items on a lower 4th rung of quality well below what they are used to (at least the urbanites, but I doubt farmers want to buy junk for shit they need to do). That doesn’t mean that a single-board computer you buy off it would be incapable of anything you need to do, just surrounded by stuff advertised in a misleading way to get you to buy more shit.

      Their business itself has customer data well-encrypted, never sends out your email to spammers (I isolate email accounts I would notice). They have never had a single data breach.

  • Cornballer@lemmy.zip
    ↑ 34 · 5 hours ago

    Somebody on Twitter “reverse engineered” the exploit. Apparently MS shipped debug code in production. At least it’s not called Backdoor_FBI outright.

    How it works:

    1. Recovery tools look for a config file called RecoverySimulation.ini on the OS drive
    2. If Active=Yes, it enables “test mode” for the recovery tools
    3. Test mode unlocks your BitLocker drive but a flag called FailRelock tells it to skip relocking
    4. cmd.exe spawns with full access to your “encrypted” drive
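
A defender-side check for the artifact described in the comment above, as an added example that is not part of the original thread or of any Microsoft tooling. Only the file name `RecoverySimulation.ini` and the keys `Active` and `FailRelock` come from the comment; the directory, section names and value format are not given on the page, so the scan matches the file name anywhere under the roots it is handed and reads `key=value` lines regardless of section.

```python
import os
import sys

TARGET = "recoverysimulation.ini"  # file name as given in the comment above

def parse_flags(raw: bytes) -> dict:
    """Map lower-cased key -> value for each key=value line, in any section."""
    # INI files written on Windows are often UTF-16 with a BOM.
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = raw.decode("utf-16", errors="replace")
    else:
        text = raw.decode("utf-8-sig", errors="replace")
    flags = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in ";#[" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        flags[key.strip().lower()] = value.strip().strip('"')
    return flags

def scan(roots):
    """Walk each root and report every file named like TARGET."""
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
            for name in files:
                if name.lower() != TARGET:
                    continue
                path = os.path.join(dirpath, name)
                try:
                    with open(path, "rb") as fh:
                        flags = parse_flags(fh.read(65536))
                except OSError:
                    flags = {}  # unreadable: still report that it exists
                active = flags.get("active", "").lower() == "yes"
                findings.append({
                    "path": path,
                    "active": active,
                    "fail_relock": flags.get("failrelock"),
                    "severity": "high" if active else "review",
                })
    return findings

if __name__ == "__main__":
    # Roots are an assumption: pass the mounted OS volume and any removable media.
    for finding in scan(sys.argv[1:] or ["C:\\"]):
        print(finding)
```
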

    • BigDanishGuy@sh.itjust.works
      ↑ 10 · 3 hours ago

      Does test mode unlock without the key?!? So it’s just “encrypted” with a generic key, and the unlock key is for authentication? That sounds insane, even for Microsoft.

      • mavu@discuss.tchncs.de
        ↑ 4 · 1 hour ago

        This works because the BitLocker key is stored in the TPM of the mainboard on the computer.
        That is necessary for the computer to be able to boot without entering your BitLocker password. You can configure it differently, but that is not default or super obvious to do.

    • jabberwock@lemmy.dbzer0.com
      ↑ 7 · 3 hours ago

      “Ah yes, but think about how much faster they shipped that code with Copilot doing all the heavy lifting.”

      • Some Microsoft exec, probably

  • Taleya@aussie.zone
    ↑ 26 ↓ 1 · 7 hours ago

    of *course* there’s a back door. You motherfuckers think they’ll TPM secure boot lock file manage SECURTYYYY and not let five eyes waltz in whenever they fucking well please?

  • ExLisper@lemmy.curiana.net
    ↑ 6 ↓ 1 · 9 hours ago

    Why are people saying that the files being deleted indicate a backdoor? This is clearly to be executed while having access to the laptop. So it’s not like I’m tricking someone into connecting the USB drive and after the PC is infected I want to get rid of the evidence. If some FBI agent is using a USB drive to unlock a laptop at work, what’s the point of making the drive single use?

    This could also be part of the PoC created by the researcher, not part of the backdoor.

    • Bazoogle@lemmy.world
      ↑ 3 · 3 hours ago

      They said in the article they recreated it on their own. So it couldn’t just be the proof of concept.

      > If some FBI agent is using a USB drive to unlock a laptop at work, what’s the point of making the drive single use?

      Undercover/covert operations do actually happen.

      • ExLisper@lemmy.curiana.net
        ↑ 1 · 2 hours ago

        > They said in the article they recreated it on their own. So it couldn’t just be the proof of concept.

        This could mean they just put the files from the exploit on a drive and reproduced it. The author of the exploit claims it’s very complex and no one knows how it works yet.

        > Undercover/covert operations do actually happen.

        So what’s the scenario they are protecting themselves against? Someone catching the agent right after they unlocked some encrypted drive with the USB drive still on them? It sounds very far-fetched to me that FBI would request a backdoor from Microsoft with this very specific requirement. I think it’s more likely they would cover it on their side with some easily erasable USB drive. Plus such a solution would also let them get rid of the backdoor if they are caught before they used it.

    • BigDanishGuy@sh.itjust.works
      ↑ 5 · 3 hours ago

      Gee Mr Gates, that’s a nice monopoly you’ve got there. It sure would be a shame, if that anti-trust lawsuit the AG is researching were to happen to it…

    • FalschgeldFurkan@lemmy.world
      ↑ 3 · 7 hours ago

      I wonder what favor the government traded for this. Or maybe what threats were made to Microsoft…

      Probably none; don’t forget, the majority of Lose11 is vibecoded

      • Bazoogle@lemmy.world
        ↑ 2 · 3 hours ago

        You think they just offered a backdoor to the US government unprompted? They just changed their mind? I know technically there isn’t evidence of it being for the government, but like… Come on. Something like this isn’t a bug or AI hallucinating

    • JackbyDev@programming.dev
      ↑ 3 · 9 hours ago

      Maybe it’s just a coincidence! Maybe those files just randomly do that lmao. Including deleting themselves!

      Lol, imagine if they made that defense. “This was the result of an AI hallucination!”

    • osanna@lemmy.vg
      ↑ 10 · 9 hours ago

      Surely the bad guys would never use an encryption backdoor made for the “good” guys??