Found this on the Bruce Schneier site.

https://www.schneier.com/crypto-gram/archives/2021/0815.html#cg17

Defeating Microsoft’s Trusted Platform Module

[2021.08.09] This is a really interesting story explaining how to
defeat Microsoft’s TPM in 30 minutes — without having to solder
anything to the motherboard.
Researchers at the security consultancy Dolos Group, hired to test the
security of one client’s network, received a new Lenovo computer
preconfigured to use the standard security stack for the organization.
They received no test credentials, configuration details, or other
information about the machine.

They were not only able to get into the BitLocker-encrypted computer,
but then use the computer to get into the corporate network.

It’s the “evil maid attack.” It requires physical access to your
computer, but you leave it in your hotel room all the time when you go
out to dinner.

Original post here:
https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network

First post under this ID, no archive...

--
harry@right.here.com wrote:

> Path: eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
> From: harry@right.here.com
> Newsgroups: alt.comp.os.windows-10,alt.windows7.general,alt.privacy.anon-server
> Subject: How To Get Into A BitLocker-encrypted Computer
> Date: Fri, 20 Aug 2021 19:53:58 -0500
> Organization: A noiseless patient Spider
> Lines: 25
> Message-ID: <3lj0igd0lm61murltavk28ggo8887c60q0@4ax.com>
> Mime-Version: 1.0
> Content-Type: text/plain; charset=utf-8
> Content-Transfer-Encoding: 8bit
> Injection-Info: reader02.eternal-september.org; posting-host="15a708afe1c4d073423e58463c883234"; logging-data="29413"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+Fbqc13j529hQHRKXBJXzb"
> Cancel-Lock: sha1:3bKuZw2GjDhuW1DGOeErl5HIx1Q=
> X-No-Archive: yes
> X-Newsreader: Forte Agent 1.93/32.576 English (American)
> Xref: reader02.eternal-september.org alt.comp.os.windows-10:151790 alt.windows7.general:195549 alt.privacy.anon-server:82373
>
> Found this on the Bruce Schneier site.
>
> https://www.schneier.com/crypto-gram/archives/2021/0815.html#cg17
>
> Defeating Microsoft� Ts Trusted Platform Module
>
> [2021.08.09] This is a really interesting story explaining how to
> defeat Microsoft� Ts TPM in 30 minutes � " without having to solder
> anything to the motherboard.
> Researchers at the security consultancy Dolos Group, hired to test the
> security of one client� Ts network, received a new Lenovo computer
> preconfigured to use the standard security stack for the organization.
> They received no test credentials, configuration details, or other
> information about the machine.
>
> They were not only able to get into the BitLocker-encrypted computer,
> but then use the computer to get into the corporate network.
>
> It� Ts the � oevil maid attack.� It requires physical access to your
> computer, but you leave it in your hotel room all the time when you go
> out to dinner.
>
> Original post here:
> https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network
>
>
>

On 2021-08-20 8:53 p.m., harry@right.here.com wrote:
> Found this on the Bruce Schneier site.
>
> https://www.schneier.com/crypto-gram/archives/2021/0815.html#cg17
>
> Defeating Microsoft’s Trusted Platform Module
>
> [2021.08.09] This is a really interesting story explaining how to
> defeat Microsoft’s TPM in 30 minutes — without having to solder
> anything to the motherboard.
> Researchers at the security consultancy Dolos Group, hired to test the
> security of one client’s network, received a new Lenovo computer
> preconfigured to use the standard security stack for the organization.
> They received no test credentials, configuration details, or other
> information about the machine.
>
> They were not only able to get into the BitLocker-encrypted computer,
> but then use the computer to get into the corporate network.
>
> It’s the “evil maid attack.” It requires physical access to your
> computer, but you leave it in your hotel room all the time when you go
> out to dinner.
>
> Original post here:
> https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network

Ridiculously interesting. Of course, with physical access to the
hardware being considered, there is no amount of security that is likely
to protect you. I can only hope that the security is sufficient for
remote attacks.

--
SilverSlimer
@silverslimer

On Fri, 20 Aug 2021 21:52:28 -0400, SilverSlimer <silver@slim.er>
wrote:

>On 2021-08-20 8:53 p.m., harry@right.here.com wrote:
>> Found this on the Bruce Schneier site.
>>
>> https://www.schneier.com/crypto-gram/archives/2021/0815.html#cg17
>>
>> Defeating Microsoft’s Trusted Platform Module

>>
>> Original post here:
>> https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network
>
>Ridiculously interesting. Of course, with physical access to the
>hardware being considered, there is no amount of security that is likely
>to protect you. I can only hope that the security is sufficient for
>remote attacks.

Having their hands of various comps through the years which were
encrypted with TrueCrypt or PGP didn't help the gov't crack them.
They went to court a number of times trying to force the owner to give
up the password/key/passphrase.

I remember one time when the owner's ex-husband ratted out the
ex-wife's password or whatever. How mean was that?

Of course, you better damn well have one very good password, key or
passphrase.

In article <sfplv7$aum$1@dont-email.me>
John Doe <always.look@message.header> wrote:
>
> First post under this ID, no archive...
>

Whiner.

harry@right.here.com wrote:
> Found this on the Bruce Schneier site.
>
> https://www.schneier.com/crypto-gram/archives/2021/0815.html#cg17
>
> Defeating Microsoft’s Trusted Platform Module
>
> [2021.08.09] This is a really interesting story explaining how to
> defeat Microsoft’s TPM in 30 minutes — without having to solder
> anything to the motherboard.
> Researchers at the security consultancy Dolos Group, hired to test the
> security of one client’s network, received a new Lenovo computer
> preconfigured to use the standard security stack for the organization.
> They received no test credentials, configuration details, or other
> information about the machine.
>
> They were not only able to get into the BitLocker-encrypted computer,
> but then use the computer to get into the corporate network.
>
> It’s the “evil maid attack.” It requires physical access to your
> computer, but you leave it in your hotel room all the time when you go
> out to dinner.
>
> Original post here:
> https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network
>

https://arstechnica.com/gadgets/2021/08/how-to-go-from-stolen-pc-to-network-intrusion-in-30-minutes/

"With little else to go on, the researchers focused on the trusted platform module,
or TPM, a heavily fortified chip installed on the motherboard that communicates
directly with other hardware installed on the machine. The researchers noticed that,
as is the default for disk encryption using Microsoft’s BitLocker, the laptop booted
directly to the Windows screen, with no prompt for entering a PIN or password. That
meant the TPM was where the sole cryptographic secret for unlocking the drive was
stored."

And that's about the level of protection afforded Windows 10 Device Encryption
users. If you use the BitLocker Wizard, you can likely enable more than
one secret for authentication.

A benefit of doing it right, might be that the IT group preparing
the machine, would get to keep the recovery disk created when
the thing is set up. That would help in cases where the user
managed to reset the TPM.

Paul

On Sat, 21 Aug 2021 01:47:19 -0000 (UTC), John Doe
<always.look@message.header> scribbled:

>First post under this ID, no archive...

There was a time when you made YOUR first usenet post. . . and people
thought you were an asshole. Time's gone by. . . and people still think
you're an asshole.

--
May your shit come to life, and kiss you.
- F. Zappa

On 2021-08-20 9:59 p.m., harry@right.here.com wrote:
> On Fri, 20 Aug 2021 21:52:28 -0400, SilverSlimer <silver@slim.er>
> wrote:
>
>> On 2021-08-20 8:53 p.m., harry@right.here.com wrote:
>>> Found this on the Bruce Schneier site.
>>>
>>> https://www.schneier.com/crypto-gram/archives/2021/0815.html#cg17
>>>
>>> Defeating Microsoft’s Trusted Platform Module
>
>>>
>>> Original post here:
>>> https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network
>>
>> Ridiculously interesting. Of course, with physical access to the
>> hardware being considered, there is no amount of security that is likely
>> to protect you. I can only hope that the security is sufficient for
>> remote attacks.
>
> Having their hands of various comps through the years which were
> encrypted with TrueCrypt or PGP didn't help the gov't crack them.
> They went to court a number of times trying to force the owner to give
> up the password/key/passphrase.
>
> I remember one time when the owner's ex-husband ratted out the
> ex-wife's password or whatever. How mean was that?
>
> Of course, you better damn well have one very good password, key or
> passphrase.

Between VeraCrypt and Bitlocker, I would expect that the former is more
effective at keeping the authorities away from the personal data. Since
Microsoft, like Apple, is part of the PRISM program, I'm sure that law
enforcement already knows very well how to get into the encrypted drives
and extract whatever they're looking for. VeraCrypt, in its open-source
nature, is probably a lot harder for them to penetrate.

As for a husband or a wife ratting on their significant other, that's
just wrong. The very nature of marriage makes it clear, in the wedding
ceremony, that once you put those rings on each other's fingers, you
become one. By telling on the other, you are basically telling on
yourself. Perhaps I'm idealistic, but I wouldn't be able to do it.

--
SilverSlimer
@silverslimer

In article <3lj0igd0lm61murltavk28ggo8887c60q0@4ax.com>
>
> Found this on the Bruce Schneier site.
>
> https://www.schneier.com/crypto-gram/archives/2021/0815.html#cg17
>
> Defeating Microsoft’s Trusted Platform Module
>
> [2021.08.09] This is a really interesting story

except it isn't so interesting when one examines the facts.

"OEMs implement the TPM as a component in a trusted computing
platform, such as a PC, tablet, or phone. Trusted computing
platforms use the TPM to support privacy and security scenarios that
software alone cannot achieve."

"The Trusted Computing Group (TCG) is the nonprofit organization
that publishes and maintains the TPM specification. The TCG exists
to develop, define, and promote vendor-neutral, global industry
standards that support a hardware-based root of trust for
interoperable trusted computing platforms. The TCG also publishes
the TPM specification as the international standard ISO/IEC 11889,
using the Publicly Available Specification Submission Process that
the Joint Technical Committee 1 defines between the International
Organization for Standardization (ISO) and the International
Electrotechnical Commission (IEC)."

From the article,

"We received a Lenovo laptop preconfigured with the standard
security stack for this organization."

"The SSD was full disk encrypted (FDE) using Microsoft’s BitLocker,
secured via Trusted Platform Module (TPM)"

So the story here is that the TPM was breeched, not so much the OS
that configured to use it.

Harry's reading comprehension deficiency noted.