December 8th, 2009, 18:56 PM
Microsoft downplays Windows BitLocker attack threat
Microsoft dismissed recently-disclosed threats to its BitLocker disk-encryption technology as "relatively low risk," noting that attackers must not only have physical access to a targeted PC, but must manipulate the machine two separate times.
The company's move was prompted by a paper published by five German researchers at the Fraunhofer Institute for Secure Information Technology (Fraunhofer SIT), a Darmstadt, Germany-based security company. In the paper, the researchers spelled out multiple attack scenarios criminals could use to access files protected by BitLocker.
BitLocker, which Microsoft debuted in higher-end versions of Windows Vista, is included only in Windows 7 Ultimate and Windows 7 Enterprise, available only to companies and organizations that buy Windows licenses in volume, as well as Windows Server 2008 and Server 2008 R2. The software encrypts disk volumes and locks them with a PIN, USB-based key device or, if the computer includes one, a Trusted Platform Module (TPM) chip.
Full story: Computerworld