<![CDATA[Yet another #BitLocker "exploit" circulating.]]>Yet another "exploit" circulating.

This is a friendly reminder that if you set your system to just unlock with TPM alone, the system is not protected against determined attacker. BitLocker with TPM cannot protect your system unless if you configure the system to request PIN as well.

See: https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/countermeasures

]]>https://board.circlewithadot.net/topic/3a26c1b2-6bf0-43b7-9f17-29614924d337/yet-another-bitlocker-exploit-circulating.RSS for NodeThu, 14 May 2026 23:35:40 GMTWed, 13 May 2026 11:07:56 GMT60<![CDATA[Reply to Yet another #BitLocker "exploit" circulating. on Wed, 13 May 2026 11:35:31 GMT]]>@gabrielesvelto Any solution that unlocks the encryption automatically without user having to provide "something you know" (*) is vulnerable to attacks by definition.

*) "something you have" may be good enough, for example some token or USB key. In this case you need to accept the risk of the attacker gaining access to the token, however.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/harrysintonen/statuses/116567056811628615https://board.circlewithadot.net/post/https://infosec.exchange/users/harrysintonen/statuses/116567056811628615Wed, 13 May 2026 11:35:31 GMT<![CDATA[Reply to Yet another #BitLocker "exploit" circulating. on Wed, 13 May 2026 11:21:24 GMT]]>@harrysintonen if you need a pre-boot PIN to make BitLocker work, wouldn't using hardware full disk encryption just be a better option? If I have to input a password or PIN at boot I'd rather use what the hardware already provides rather than Microsoft's implementation.

]]>https://board.circlewithadot.net/post/https://mas.to/users/gabrielesvelto/statuses/116567001327542847https://board.circlewithadot.net/post/https://mas.to/users/gabrielesvelto/statuses/116567001327542847Wed, 13 May 2026 11:21:24 GMT