Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Defeating Microsoft’s Trusted Platform Module

published on 2021-08-09 11:19:49 UTC by Bruce Schneier
Content:

This is a really interesting story explaining how to defeat Microsoft’s TPM in 30 minutes — without having to solder anything to the motherboard.

Researchers at the security consultancy Dolos Group, hired to test the security of one client’s network, received a new Lenovo computer preconfigured to use the standard security stack for the organization. They received no test credentials, configuration details, or other information about the machine.

They were not only able to get into the BitLocker-encrypted computer, but then use the computer to get into the corporate network.

It’s the “evil maid attack.” It requires physical access to your computer, but you leave it in your hotel room all the time when you go out to dinner.

Original blog post.

Article: Defeating Microsoft’s Trusted Platform Module - published about 3 years ago.

https://www.schneier.com/blog/archives/2021/08/defeating-microsofts-trusted-platform-module.html   
Published: 2021 08 09 11:19:49
Received: 2021 08 09 12:05:09
Feed: Schneier on Security
Source: Schneier on Security
Category: Cyber Security
Topic: Cyber Security
Views: 3

Custom HTML Block

Click to Open Code Editor