Naked Security

BitLocker hacked? Disk encryption – and why you still need it [VIDEO]

Is BitLocker cracked? Is disk encryption still worth it? The answers are "No" and "Yes", and here's why.

A security researcher in New Zealand just showed that it’s possible to wire up a low-cost data sniffer to the security chip in a Microsoft Surface laptop…

…and read out the decryption key used by BitLocker, the software that is there to keep the data on your hard disk safe.

That has led to us getting asked, “Is BitLocker cracked? Is disk encryption still worth it?”

The answers are “No” and “Yes”, and this week’s Naked Security Live video explains why.

Watch now for answers to the following questions and more:

  • Why is BitLocker suddenly in the spotlight?
  • How do BitLocker and “full-disk encryption” differ from encryption in general?
  • Does this hack mean anyone who steals my encrypted laptop can get at all my data anyway?
  • How do I set up disk encryption securely?
  • Will encryption slow my laptop down?
  • What’s the point of encrypting everything if most of the files aren’t personal data?
  • What if I forget the password – wouldn’t a hackable system be handy in that case?

(Watch directly on YouTube if the video won’t play here.)

PS. Like the shirt in the video? They’re available at: https://shop.sophos.com/

10 Comments

Please NO VIDEO!!!

Reply

Plenty of our readers enjoy consuming our content in more than just written form, which is why we also do podcasts and videos, and why we receive regular and frequent positive comments on our audio and video offerings.

Reply

Would it be possible to provide transcripts of the video, for readers who prefer not to watch the video, or may have hearing impairment which makes it unusable?

Reply

It’s possible, but we hardly ever do it, for several reasons.

1. Transcripts usually fall to me, and they take me AGES because I am not a stenographer :-)

2. When we’ve tried them in the past, they have only ever got a handful of views each, no matter how many people have claimed they’d use them.

3. We consider spoken and written English to be two different languages, and the way we present information when we do podcasts or videos simply doesn’t read well when transcribed, and isn’t meant to – in other words, our videos aren’t intended for conversion into articles.

4. The YouTube versions of our videos can be watched with autogenerated closed captions, which are surprisingly good these days. I often use them myself when “listening” back to a video when I don’t have headphones. (Click on the cog.) I hope this addresses the issue for those who are hard of hearing but enjoy video-style presentations.

5. We only do videos on topics we’ve already published one or more articles about. This means that those who prefer to read articles aren’t stuck with reading a video transcription that makes a poor or unusual article. So the videos are ‘as well as’ rather than ‘instead of’ written content.

HtH.

Reply

Why videos?

Reply

Why not? Lots of people enjoy them because they’re more interactive than articles; they’re easier to follow; and there’s simply no reason to object to them given all the other ways we present content. (But you knew that already.)

Reply

The issue is that many places in corporate America block video when at work. This makes video 100% useless to many. So, it is very important to post information in written form.

Reply

To be fair to us, the fact that some employers block video doesn’t make our videos ‘100% useless to many’, not least because many people choose to watch them in their own time; a very significant minority watch them on mobile devices; and very many companies elsewhere in the world don’t block video.

Having said that, we pretty much never do Naked Security Live videos on subjects we haven’t already covered carefully in written form. At least, I don’t ever remember covering a subject in one of our videos that we hadn’t researched in some detail for an article that was already published.

In this case, you can find the link to the written article above; for clarity it is:
https://nakedsecurity.sophos.com/researcher-finds-new-way-to-sniff-windows-bitlocker-encryption-keys

A lot of people like us to do video-style and podcast-style coverage as well as publishing our written stuff (which makes up the vast majority of our content), because they find spoken English easier to follow, or because they find it more personable to see us in action instead of just reading what we’ve already written, or because they can listen at times they can’t read articles, such as during their commute, or simply because variety is the spice of life.

In short: we recognise the importance of posting information in written form, which is why 90% or more of our content is in that form.

Reply

I agree… NO VIDEO. The headline only shows “BitLocker hacked? Disk encryption – and why you still need …” in Google search results.

While I LOVE sources that sound intelligent and fun, I HATE being forced to digest information at someone else’s speed. Please and thank you. Put [VIDEO] at the beginning of your page title and watch your overall views drop and your video watch rate go up to near 100%. It will all make sense.

Reply

Strongly agree with Alex. At least label such content as video. I am skipping this and just going to the next Google hit so I can read about it.

Reply
