Three times in the past three weeks. That’s how many conversations I’ve had with people who have blown off any sort of technical or operational weaknesses associated with Microsoft BitLocker when using it as an enterprise full disk encryption solution. They’re well-documented. I highlighted these issues in my recent whitepaper The Hidden Costs of Microsoft BitLocker as well.
I’ve said it before and I’ll continue saying it: I’ve sung the praises of BitLocker for years. I still use it on a few non-critical systems that aren’t storing sensitive information just to create a hoop for someone to jump through if the systems are lost or stolen. The thing is, there’s a tool that can supposedly negate BitLocker’s encryption. It’s called Passware Kit Forensic.
In one of my recent full disk encryption conversations, someone in a highly-visible healthcare organization told me that even though it’s been proven that laptop loss and theft is a big problem for healthcare (backed up by this December 2011 bit from Dark Reading on Ponemon’s new study: Healthcare Data in Critical Condition), that loss/theft/Passware Kit Forensic was not a risk to the business. Even when the law says it is. Amazing stuff.
You see, I’ve sung the praises of Passware Kit Forensic to over 1,000 people during my speaking engagements this year alone. I’ve seen it in action and have had some colleagues who have used it recommend it to me. But I want to be able to demonstrate on my blog and to my audiences when I present how BitLocker can be compromised using Passware Kit Forensic. Although Passware has some screenshots on the process here, I need more.
Like other bloggers, trade rags and test labs, I’d like to get a (fully-functioning) demo/test/trial copy of the tool first so I can take it for a spin, validate which scenarios the tool can actually work in and document my findings here on my blog, in my articles and in any forthcoming edition of Hacking For Dummies…especially given how pricey Passware Kit Forensic is ($995; it was $795 just recently so apparently there’s a demand for it).
I truly believe this is a big deal and it’d be a win-win for us all. The problem is I can’t seem to get anyone at Passware to get back with me. Numerous emails, a Web form submission and LinkedIn requests have fallen on deaf ears. Maybe Passware is no longer around?
For now, just know that the threat and subsequent business risk are likely there, and maybe I’ll have the opportunity to demonstrate it for you in the future.