Take your daily dose of sensational headlines in the IT press with a grain of salt!
In the last couple of weeks, the blogosphere has been abuzz with news that (Microsoft’s) BitLocker drive partition encryption process was penetrated, and indeed, easily defeated.
My first thought upon reading the research document from a team including the esteemed Edward Felten was that this was an attack more likely to occur in exotic situations, and/or against highly targeted victims.
The entire Internet went ablaze, with an unbelievably high number of articles front-running the initial article until one of the worst attributes of the Web, the ability to create a self-sustaining, albeit false, echo chamber, came to the fore. Everyone and man+dog opined that Microsoft had done us in again.
Had they?
Almost immediately, Troy Arwine, in an article on the “Stay Safe” Cyber Security blog, refuted some of the assertions of the rather sensationally-headlined paper.
It was drowned out by cries of him (Arwine) being a ‘homer’, since he worked for Microsoft.
Last Friday, Endpoint Technologies Associates, a highly respected technology analysis firm, came out with their independent analysis of Mr. Felten’s paper.
Titled “Popsicle Hack tries to Chill Zeal for Hardware Security” and authored by Roger Kay, the analysis looked at the issue described in the research document, and at the feasibility of the attack being carried out willy-nilly, as headlines were screaming.
The conclusion: such an attack was not likely to occur randomly.
After reading the analysis, I contacted Roger for some expansion or clarification of some of the conclusions in the document.
[John Obeto] In the light of the post by Troy Arwine on the Microsoft "Stay Safe" Cyber Security blog, and your examination of the issue, am I right in concluding that this is a very unlikely attack vector for most computer installations?
[Roger Kay] Very unlikely; people are more likely to try BitUnlocker than the Popsicle Hack, which requires physical manipulation of memory rather than just attaching a USB cable.
[JO] Would it be fair to declare that this hack would be somewhat esoteric, and probably more likely to be used in a directed attack, such as in corporate or industrial espionage?
[RK] Esoteric is right. Remember, crooks are opportunistic and gravitate toward the easiest prey. Spooks and other professionals go for specific targets. So, BitUnlocker and the Popsicle Hack would become part of their arsenal.
[JO] Does this hack mean that the protection afforded by the use of BitLocker, either by itself, or in conjunction with a built-in TPM module, is no longer useful?
[RK] Nope, if you read Troy's post, it's clear that to be protected, you need to employ a comprehensive, layered method. Of course, no security is absolute, but it's better to be protected than not, particularly when opportunists are choosing their targets.
The issue could not be any clearer.
In other words, while it sounds easy, the only ones who could pull off this sort of a hack are professionals, who should have known about this before the Felten paper. (And are probably upset at him and his colleagues for publicizing it!)
Meaning that instituting a policy of just utilizing TPM, BitLocker, and other encryption methods to protect your computing assets, then assuming all is well, is no policy at all.
As with physical assets, you have to be ever vigilant, and use the technologies above as part of a comprehensive policy consistent with industry best practices, regulatory directives, and corporate document-retention
Thank you for taking the time, Roger.
His analysis is here.
Noted analyst Roger Kay is president of Endpoint Technologies Associates.
I am managing partner and chief technology officer of Logikworx, an SMB solution provider based in California. I'm also editor-in-chief of SmallBizVista.com and The Interlocutor, an associated monthly e-mail newsletter. I am also a member of the Microsoft Featured Communities and The Hive.
The opinions expressed in this Weblog are those of the writer and may not represent the opinions of Network World.