YellowKey reportedly works in Windows 11, Windows Server 2022 and 2025, but not in Windows 10.

  • yesman@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    They also state the vulnerability is well-hidden, and that they “could have made some insane cash selling this, but no amount of money will stand between me and my determination against Microsoft.”

    based.

  • flop_leash_973@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    Finally, some good news. Now I can stop having to interact with my companies shitty outsourced service desk when I need a Bitlocker key.

  • Optional@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    YellowKey can be triggered simply by merely copying some files to a USB stick and rebooting to the Windows Recovery Environment. We tested this ourselves, and sure enough, not only does it work, it bears all the hallmarks of a backdoor, down to the exploit’s files disappearing from the USB stick after it’s used once.

    • humanspiral@lemmy.ca
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      100% certainty of backdoor. Is bitlocker developed outside of MSFT? Would seem to need MSFT cooperation to implement.

      • humanspiral@lemmy.ca
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        Bitlocker was developed entirely inside MSFT. Upon further review, there is a chance that this is all somewhat normal behaviour. Part of MSFT safeOS to make it convenient to recover bitlocker access, and update windows.

        • Leon@pawb.social
          link
          fedilink
          English
          arrow-up
          0
          ·
          2 months ago

          And be able to easily comply with law enforcement requests for decryption.

          Ergo, the encryption is actually worthless.

        • Valmond@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          0
          ·
          2 months ago

          Normal behaviour?

          -“Well it turns out we just said your data was protected, for your, ehrm, satisfaction?”

    • Snot Flickerman@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      Except Microsoft doesn’t have the respectability to discontinue a clearly broken product now that they’ve baked it into ever installaion of Windows 11 by default

    • jqubed@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      As in you think they were pressured into stopping development so people would switch over to BitLocker, which now appears to have a backdoor put in by Microsoft or at least one of the developers, presumably at the behest of a government?

      • ChristerMLB@piefed.social
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        The thought did cross my mind, yeah. I don’t think it’s quite sufficient evidence to make such a big conclusion, but both of these seem so conspicuous

      • adarza@lemmy.ca
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        there’s a backdoor built right into bitlocker in the form of ‘recovery keys’–and for most users, microsoft knows what they are.

        • mic_check_one_two@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          0
          ·
          2 months ago

          and for most users, microsoft knows what they are.

          This is notable specifically because Microsoft has been compelled by courts to turn over those keys before.

          I don’t blame Microsoft for complying with legal court orders, but I 100% blame them for building systems that allow them to access users’ data (including the keys) in the first place. If they used proper E2EE, they wouldn’t be able to access your keys at all. But that would prevent them from gobbling up all of your private data to sell. And the fifth amendment doesn’t protect third parties. So if the FBI confiscates your PC and you clam up, the feds can just compel Microsoft to give them your keys instead.

  • 9tr6gyp3@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    The process is dead simple: grab any USB stick, get write access to the “System Volume Information,” and copy into it the “FsTx” folder and its contents. Shift+click Restart to get Windows to the recovery environment, but then switch to holding down the Control key and don’t let go. The machine will reboot, and without asking any questions or showing any menus, will drop you in an elevated command line with full access to the formerly Bitlocked drive, without asking for any keys.

    Its dead simple to get write access to System Volume Information! 😉

      • BlackLaZoR@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        Suddenly dev resigned and posted bizzare post that read like he was at a gunpoint, recommending bitlocker instead of truecrypt

      • massacre@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        It was very likely compromised by NSA requiring a backdoor or weakened encryption that could be cracked by the US. There’s a long story that’s pretty interesting if you want to hit the rabbit hole

  • Cornballer@lemmy.zip
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    Somebody on twitter “reverse engineered” the exploit. Apparently ms shipped debug code in production. At least it’s not called Backdoor_FBI outright.

    How it works:

    1. Recovery tools look for a config file called RecoverySimulation.ini on the OS drive
    2. If Active=Yes, it enables “test mode” for the recovery tools
    3. Test mode unlocks your BitLocker drive but a flag called FailRelock tells it to skip relocking
    4. cmd.exe spawns with full access to your “encrypted” drive
    • jabberwock@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      “Ah yes, but think about how much faster they shipped that code with Copilot doing all the heavy lifting.”

      • Some Microsoft exec, probably
    • BigDanishGuy@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      Does test mode unlock without the key?!? So it’s just “encrypted” with a generic key, and the unlock key is for authentication? That sounds insane, even for microsoft.

      • mavu@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        this works because the bitlocker key is stored in the TPM of the mainboard on the computer.
        That is neccessary for the computer to be able to boot without entering your bitlocker password. you can configure it differently, but that is not default or super obvious to do.

        • RamRabbit@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          2 months ago

          It always struck me as…poor…to not require a password for decryption. If you require zero knowlege from me, that means a stolen has everything inside needed to decrypt all the data.

          And well, lookie there at the article!

  • Reygle@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    Microslop can’t even claim incompetence. The way this reads, the function is intended as a back door.

  • db2@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    I would bet it coincides with them implementing “AI” or shortly after. They’re going to say they didn’t know, it’s not their fault because Slopbot9000 did it.

  • Treczoks@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    Why do they call it “drive encryption” when it does not need a user-provided password or other key?

    • mlg@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      TPM microslop magic.

      What’s even funnier is that we already have TCG, ISE, and SE drives that hardware encrypt AES256 by design, so you still get at least an instant delete option if you never bother to set a key.

      Windows wants to double screw you over by never telling you it added a key, and then leaving you dead in the water if your TPM breaks, and then also failing to maintain their own TPM requirements making it completely useless lol.

  • Sgt_choke_n_stroke@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    I lost 3 years of work and my research dissertation because of bitlocker. Fuck you microslop, now I do everything on Linux because of your security garbage

    • mic_check_one_two@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      I mean, the concept behind BitLocker is fine. Encrypting drives by default should be the norm, the same way we encrypt our web traffic by default with https. The issue is Microsoft’s awful implementation that has led lots of users to accidentally lock themselves out of their own data, without even realizing what they were doing.

    • Thorry@feddit.org
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      Not to be that guy, but that’s 100% on you for not having backups of important work. It’s 3 years and your fucking research dissertation, how the fuck do you keep that all in one place?

      This time you got fucked by Microsoft for having shit software. But it could have been your hardware that exploded, your house catching fire, your shit being stolen, you downloading malware from that one site you told your girlfriend you’d never visit again, shitting infrastructure causing power issues or flooding, you yourself having a nervous breakdown and nuking the thing.

      Keep everything important at least in three places, one of which should be in a physically different (remote) place. Backup often, keep to the schedule and test your backups.

      Jeez man, using Microsoft software and not having backups is like walking around with a loaded gun pointed at your dick. It’s all well and good till you get your dick blown off.

      • HeyJoe@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        Yeah, I would also like to know more on how bitlocker screwed him. Like was it a legit problem or that the device died and didnt have the keys to decrypt it? If it’s not keeping the keys somewhere safe, which it even makes you do by not allowing you to select the local device, then idk how the blame is microsoft is shitty. Need more info though.

        • Sgt_choke_n_stroke@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          2 months ago

          IT lapsed and diddnt have keys for the computer. So windows 10 “updated” to windows 11 the computer bricked. IT also blocked us from plugging in usb sticks. Which they then blamed me for not backing everything thing up to one drive. It’s all just left a sour taste in my mouth

      • dual_sport_dork 🐧🗡️@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        In the immortal words of Daniel Rutter (again): If nothing else, backups are necessary because at some point in your life you will confidently instruct your computer to destroy your data.

        • Alberat@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          2 months ago

          i just deleted a month of notes by doing:

          find $(pwd) “*.tmp” -delete

          instead of:

          find $(pwd) -iname “*.tmp” -delete

          turns out the former throws an error on “*.tmp” but still deletes everything lol… PSA for everyone

          • Matriks404@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            2 months ago

            I think it’s your fault if you don’t have backups… but I legitimately think that we should restrict usage of classic Unix tools to scripts, and use safer tools ourselves… but I guess that’s just my opinion.

          • phutatorius@lemmy.zip
            link
            fedilink
            English
            arrow-up
            0
            ·
            2 months ago

            I was lucky last time, was able to reconstruct almost all of it (99.7%) in 3 weeks of after-work messing around. The 0.3% is non-critical.

            Now I do something I wrote myself with cron, rsync, hardlinks and gpg. It’s simple, easy to test and fairly bulletproof. Protip: keep many backups of your keys or you’ll wish you had.

            • anotherandrew@lemmy.mixdown.ca
              link
              fedilink
              English
              arrow-up
              0
              ·
              2 months ago

              Syncthing (distributed folder sharing including “keep x copies of each file”) and duplicity (gpg-encrypted, incremental backup anywhere) are your friends.

              Been using them for a very, very long time. A++ open source, cross-platform solutions.

        • pcouy@lemmy.pierre-couy.fr
          link
          fedilink
          English
          arrow-up
          0
          ·
          2 months ago

          A few years ago I deleted my whole home folder by bind-mounting it inside a chroot. When I was done with the chroot, I rm -rf-ed it without unmounting my home first.

      • neclimdul@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        I two have multi tiered backups for my laptops and do regular restores to validate them. Same for my parents and all my non technical family and friends. Its amazing that big companies mess this up since everyone does it. It’s just so cheap and easy to do. /s

        • FrederikNJS@piefed.zip
          link
          fedilink
          English
          arrow-up
          0
          ·
          2 months ago
          1. Find online backup service
          2. Pay for subscription
          3. Install backup software
          4. Still have your data

          I use Backblaze myself… But there are many other straightforward and easy backup solutions out there.

          • raspberriesareyummy@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            2 months ago

            Storing important data online on someone else’s computer is beyond fucked up levels of stupid: You only need to lose your encryption key once in your lifetime afterwards, and you can consider your backup public for all the world to see. And a single encryption weakness / backdoor will expose data just the same. Not to mention using third party sw to “do the backup” for you and relying on them to encrypt it so that they themselves can’t read it, is very naive.

            Once your data left your home network, it is no longer yours to control.

            • FrederikNJS@piefed.zip
              link
              fedilink
              English
              arrow-up
              0
              ·
              2 months ago

              Well… That depends entirely on your threat model…

              In my setup, the backup is encrypted locally, and then uploaded to Backblaze. If I leak my encryption key, then yes, Backblaze and any state actor that can compel Backblaze, might be able to read my backup (and the same goes for an encryption vulnerability). But since the connection to access the backup is also authenticated, the rest of the public would not be able to read my backup. If I leak my access credentials, then everyone could get my encrypted backup data, but not be able to decrypt it. Of course if I leak both the access credentials and the encryption key, then yes anyone that obtains both can read my backup.

              Many regular people use Microsoft Onedrive or Google Drive, which offers even less protection, but it’s certainly sufficient and well enough protected to keep your dissertation protected.

              In most backup services you have the option to choose what gets backed up, and what does not. But sure, it entirely depends on who you want to protect yourself from.

              If your main concern is state actors, then yeah… You probably shouldn’t use something like Backblaze. You should keep everything on your own hardware. And convince a friend or some family to have a NAS sitting somewhere that can host your backup destination.

              For my case I’m mostly concerned about data continuity (not losing data). But privacy is certainly also a concern, and here I have chosen to believe that the encryption is sound enough, and that my ability to keep my encryption key safe, is sufficient for the data it protects.

              • raspberriesareyummy@lemmy.world
                link
                fedilink
                English
                arrow-up
                0
                ·
                2 months ago

                My main concern is that all my data is online, potentially forever (I have to assume it will be) and the only thing needed to access it is a comparatively tiny encryption key (we’re talking Megabytes) that I have to keep safe forever (or until I delete it). If I ever mess up, or a computer with the encryption key gets compromised, then there goes my data into the public domain…

      • Korhaka@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        0
        ·
        2 months ago

        I have a better backup system in place for my factorio saves. Script syncs the live copy to several places on the network along with compressing a timestamped copy to an external HDD which stores a bunch of copies. Then manually I might trim them down every few years or so as I don’t really need 3 different copies from March 2024 still.