alt Hacker NewsWhat's with all the replies on these threads downplaying this? Why is it mainly brand new accounts? What's going on here?
I've seen every variant of:
1) "this is an authentication/privilege escalation bug, not a bitlocker exploit" (? what are you even trying to say)
2) "even though the attacker explicitly warns that this is capable of bypassing TPM+PIN, that isn't actually true or what he meant"
3) "we shouldn't jump to conclusions that this is a backdoor"
4) "we already knew BitLocker with just TPM isn't secure" (? except many organizations depend on it to be)
Replies
Most submissions involving criticism of big tech gets those kind of replies. Par for the course here.
You just have to skip reading them because it seems there's no stopping those 100% genuine replies
1) These systems are set up for automatic decryption. It's super obvious that if you can successfully attack windows between unlock and user login, you can get to the files. If this is such an attack, it's not a flaw with bitlocker itself.
2) Is it unreasonable to say "show it"?
3) Correct, we shouldn't jump to conclusions.
4) It's not known-insecure but it is known-enormous-attack-surface.