GSR-IconBannerAd_v1d

Security Advisories

Trustwave Press Releases

« Choppy Regulatory Waters ahead for EU SMEs? | Main | Microsoft Advance Notification for January 2013 »

02 January 2013

Comments

Thank you for your comments.

It is not something I have tried to recreate since I read that logging out gracefully was a prerequisite. Also that the disk should remain encrypted even in Suspend mode.

I do know that I never manually suspended BitLocker so it is possible it was never setup correctly but I consider this highly unlikely.

Unfortunately I no longer have a laptop with TPM to test with.

Thank you for your comments.

It is not something I have tried to recreate since I read that logging out gracefully was a prerequisite. Unfortunately I no longer have a laptop with TPM to test with. I do know that I never manually suspended BitLocker so it is possible it was never setup correctly.

Sorry to burst your bubble, but you have the key fact wrong. BitLocker does not automatically suspend itself on logon. Suspending BitLocker requires manual action by a local administrator. In your particular scenario; it appears that at some point you manually suspended BitLocker; then simply forgot to resume it. When you pulled the drive; it was in that suspended state. If you had BitLocker properly running in its default state; you would have needed the recovery key to access the data.

It's like leaving your front door unlocked; and blaming the lock maker when you house gets robbed...

Good Morning,
Your blog post concerned me so I decided to run a few tests but was unable to bypass the requirement of entering the bitlocker key to access the drive.
I tried three scenarios
1) With bitlocker suspended on the laptop, I hibernated it and pulled the drive. I externally mounted the disk and was able to see the data (This was expected due to having bitlocker Suspended)
2) With bitlocker enabled, I hibernated the laptop, pulled the drive and again mounted it externally and was prompted to enter the encryption key. With out entering the key the drive only showed a encrypted container.
3) with Bitlocker enabled and the system running I pulled the hard drive ( trying to simulate worst case scenario like above). Again I mounted the disk externally and was prompted for the key. The drive again only showed the encrypted container.

Have you tested this recently?
Is there something I'm missing, or another way for me to test this?

Thanks for your help.

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment