logoalt Hacker News

Mystery Microsoft bug leaker keeps the zero-days coming

104 pointsby e12etoday at 12:54 AM34 commentsview on HN

Comments

ndiddytoday at 3:11 AM

I think the Bitlocker "vuln" is a good reminder not to use vendor provided encryption for any sensitive data. https://github.com/Nightmare-Eclipse/YellowKey/ You load a specific file onto a flash drive, plug it into a Bitlocker encrypted computer, reboot it while holding a key combination, and it pops up a command prompt with full access to the encrypted volume. There's no way this isn't a backdoor.

show 3 replies
getcrunktoday at 6:16 AM

Anyone remember the Samsung ssd issue with bitlocker from maybe like a decade or so ago where it was an empty encryption key or something

purpleideatoday at 2:56 AM

It's so obvious that many of the bugs being found are/were most likely M$ backdoors.

There doesn't seem to be any other plausible explanation. The reckoning needs to come and people need to stop using their products for good.

Would love a whistleblower to explain which part of the government or company forced it.

show 3 replies
NDlurkertoday at 2:58 AM

Oh cool. My brother's old laptop is locked. Maybe this will help

show 1 reply
__alexandertoday at 2:20 AM

So weird that GitHub requires a login to view their BlueHammer repo.

https://github.com/Nightmare-Eclipse/BlueHammer

show 1 reply
NordStreamYachttoday at 3:13 AM

Laid off Microsoft researcher?

aussieguy1234today at 3:24 AM

Could the Bitlocker vulnerability be a backdoor mandated by some government agency?

ChrisArchitecttoday at 3:17 AM

Related:

YellowKey Bitlocker Bypass Vulnerability

https://news.ycombinator.com/item?id=48114997

quxuejuntoday at 3:13 AM

i think so~