|
| |
|
| (Business News, 07 Oct 2008 ) |
| By Vinod Kataria |
|
Kolkota: iViZ, an Indian information security startup offering on-demand penetration testing, announced its discovery of a new class of vulnerability, which allows attackers to steal computer boot passwords and bypass the security of pre-boot authentication software like hard disk encryption tools. It affects general computer users, enterprises, governments and can result in unauthorized access or theft of confidential data.
Jonathan Brossard, lead security researcher and discoverer of vulnerability, iViZ, said, "Surprisingly, this vulnerability has been existing for 25 years. Programmers unaware of this have coded boot password feature such that user password is not flushed properly leading to inadvertent text leakage and theft from memory. Even hard-drive encryption does not help here. This vulnerability affects Microsoft Bitlocker on the latest TPM (but not Vista SP1), Truecrypt, Intel/HP BIOS and several others.”
Bikash Barai, CEO of iViZ, stated, "We appreciate vendors like Microsoft, Intel, HP proactively providing fixes to users. iViZ is committed to initiatives making the web safe and conducts research that helps secure organizations worldwide."
iViZ
|
| |
|
|
|
|
| |
|
|
Average Rate:
No rating yet |
| |
| |
|
|
|
|
|
|
| 2/12/2008 |
|
| 1/12/2008 |
|
| 1/12/2008 |
|
| |
|
|
|
|
|
|
|
| |
|
|
| |
|
| 1/12/2008 |
|
| 30/10/2008 |
|
| 28/10/2008 |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 21/11/2008 |
|
| 19/11/2008 |
|
| 18/11/2008 |
|
 |
|
 |
|
|
| |
|
|
|
|
| |
|
|
|
|
|
|
| |
|
2/12/2008 |
|
2/12/2008 |
|
2/12/2008 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
|
2/12/2008 |
|
2/12/2008 |
|
2/12/2008 |
|
1/12/2008 |
|
1/12/2008 |
|
1/12/2008 |
|
|
|
|
|
|
|
|
|
|
| |
|
|
| |
|
|
|
|
| 19/6/2007 |
|
| 1/6/2007 |
|
| 9/4/2007 |
|
|
|
|
|
|
| |
|
|
|
|
|
|
| |
|
|
| |
|
|
|
|
|
