BitLocker Zero-Day Exposes Windows Drives to Unauthorized Access

A security researcher, Chaotic Eclipse, has dropped a bombshell by releasing proof-of-concept code for two unpatched Windows vulnerabilities, citing frustration with Microsoft's handling of previous bug reports. This move exposes Windows drives to unauthorized access, even with TPM+PIN protection in place.

https://osintsights.com/bitlocker-zero-day-exposes-windows-drives-to-unauthorized-access?utm_source=mastodon&utm_medium=social

#Bitlocker #ZeroDay #Windows #Tpm #MfaBypass

LUKSbox: Encrypted vaults that survive the next decade

LUKSbox는 클라우드나 공유 저장소에 저장하는 민감한 파일을 사용자의 키로 로컬에서 암호화하여 저장하는 오픈소스 암호화 볼트 솔루션입니다. FIDO2, TPM 2.0 하드웨어 인증과 포스트 양자암호(ML-KEM)를 지원해 법적 강제력에도 데이터 노출을 방지하며, 무결성 검증과 롤백 방지 기능도 갖추고 있습니다. AES-256-GCM-SIV, Argon2id, HMAC-SHA256 등 검증된 암호화 기법을 사용하며, 다양한 플랫폼에서 CLI, TUI, GUI 인터페이스를 제공합니다. 현재 1.0 이전 버전으로 내부 감사를 여러 차례 거쳤으며, 외부 감사와 실사용 배포가 예정되어 있습니다.

https://github.com/PentHertz/LUKSbox

#encryption #fido2 #tpm #postquantum #cloudsecurity

"Trusted Platform Module (TPM)" lügt doch schon beim Namen - wie soll ich etwas vertrauen, was propritär ist und keinerlei Einsichtnahme in die Funktionsweise erlaubt?

Ich finde "Untrusted Platform Module (UPM)" oder "Please believe me I am a good Module (PBMIAGM)" wäre besser.

#TPM

Did a new release of ssh-tpm-agent.

https://github.com/Foxboron/ssh-tpm-agent/releases/tag/v0.9.0

`ssh-tpm-add` now supports `-c` for confirmation dialogs before key usage, along with a nice process chain. Thanks to @mic92

#TPM #Security #OpenSSH #SSH

Physical security has become an important aspect of protecting confidential computing workloads. Physical access is typically excluded from hardware vendors' CVM attack models, leaving physical and relay attacks largely unaddressed.
Flashbots and Intel have each been working independently on solutions to help bridge this physical-access gap: https://writings.flashbots.net/mind-the-gap-tee-poc

#ConfidentialComputing #CloudSecurity #TPM

TPM Live: Gerrymandering and White Nationalism at the Supreme Court With Kate Riga and John Light - TPM – Talking Points Memo

https://talkingpointsmemo.com/edblog/supreme-court-vra-substack-live

#TPM #RobertsCourt #VRA #journalism #democracy

Ubuntu 26.04 installation experience #systeminstallation #activedirectory #tpm

https://askubuntu.com/q/1566284/612

TPM Can Type Your Linux LUKS Password For You

https://watch.linuxrenaissance.com/w/bSaGD5RrZ8eHuaPEpeN1zD