Microsoft OneDrive - Encryption Keys Uploaded?
- Details
- Created on Tuesday, 23 December 2014 08:56
Microsoft OneDrive in NSA PRISM
A sends:
1) Bitlocker keys are uploaded to OneDrive by 'device encryption'.
"Unlike a standard BitLocker implementation, device encryption is enabled automatically so that the device is always protected.
...
If the device is not domain-joined a Microsoft Account that has been granted administrative privileges on the device is required. When the administrator uses a Microsoft account to sign in, the clear key is removed, a recovery key is uploaded to online Microsoft account and TPM protector is created."
http://technet.microsoft.com/en-us/library/dn306081.aspx
2) Device encryption is supported by Bitlocker for all SKUs that support connected standby. This would include Windows phones.
"BitLocker provides support for device encryption on x86 and x64-based computers with a TPM that supports connected stand-by. Previously this form of encryption was only available on Windows RT devices."
http://technet.microsoft.com/en-us/library/dn306081.aspx#BKM...
3) The tech media and feature articles recognise this.
"... because the recovery key is automatically stored in SkyDrive for you."
http://www.zdnet.com/surface-bitlocker-and-the-future-of-encryption-7000024613/
4) Here's how to recover your key from Sky/OneDrive.
"Your Microsoft account online. This option is only available on non-domain-joined PCs. To get your recovery key, go to ...onedrive.com..."
http://windows.microsoft.com/en-us/windows-8/bitlocker-recovery-keys-faq
5) SkyDrive (now named OneDrive) is onboarded to PRISM. (pg 26/27)
http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-
Documents-Uncompressed.pdf
Source http://cryptome.org/2014/11/ms-onedrive-nsa-prism.htm
Subscribe to our Newsletter
Search ALL Articles
Managed V. Non-Managed
US-CERT Latest Warnings
Latest US-CERT Released Warnings
-
CISA Publishes Infographic on Layering Network Security Through Segmentation
CISA Publishes Infographic on Layering Network Security Through Segmentation
Original release date: January 24, 2022CISA has published an infographic to emphasize the importance of implementing network segmentation—a physical or virtual architectural approach that divides a network into multiple segments, each acting as its own subnetwork, to provide additional security[…]
Created on: Jan 24, 2022 | 06:59 am
Jan 24, 2022 | 06:59 am -
McAfee Releases Security Update for McAfee Agent for Windows
McAfee Releases Security Update for McAfee Agent for Windows
Original release date: January 21, 2022McAfee has released McAfee Agent for Windows version 5.7.5, which addresses vulnerabilities CVE-2021-31854 and CVE-2022-0166. An attacker could exploit these vulnerabilities to take control of an affected system.CISA encourages users and administrators to review McAfee[…]
Created on: Jan 21, 2022 | 10:32 am
Jan 21, 2022 | 10:32 am -
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA Adds Four Known Exploited Vulnerabilities to Catalog
Original release date: January 21, 2022CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack[…]
Created on: Jan 21, 2022 | 07:19 am
Jan 21, 2022 | 07:19 am -
F5 Releases January 2022 Quarterly Security Notification
F5 Releases January 2022 Quarterly Security Notification
Original release date: January 20, 2022F5 has released its January 2022 Quarterly Security Notification addressing vulnerabilities affecting multiple versions of BIG-IP, BIG-IQ, and NGINX Controller API Management. A remote attacker could exploit these vulnerabilities to either deny service to, or[…]
Created on: Jan 20, 2022 | 09:40 am
Jan 20, 2022 | 09:40 am -
Drupal Releases Security Updates
Drupal Releases Security Updates
Original release date: January 20, 2022Drupal has released security updates to address vulnerabilities affecting Drupal 7, 9.2, and 9.3. An attacker could exploit these vulnerabilities to take control of an affected system.CISA encourages users and administrators to review the following[…]
Created on: Jan 20, 2022 | 08:07 am
Jan 20, 2022 | 08:07 am -
Google Releases Security Updates for Chrome
Google Releases Security Updates for Chrome
Original release date: January 20, 2022Google has released Chrome version 97.0.4692.99 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.CISA encourages users and administrators to review the Chrome[…]
Created on: Jan 20, 2022 | 07:55 am
Jan 20, 2022 | 07:55 am -
Cisco Releases Security Updates for Multiple Products
Cisco Releases Security Updates for Multiple Products
Original release date: January 20, 2022Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the[…]
Created on: Jan 20, 2022 | 07:11 am
Jan 20, 2022 | 07:11 am -
CISA Releases Final Version of Guidance: IPv6 Considerations for TIC 3.0
CISA Releases Final Version of Guidance: IPv6 Considerations for TIC 3.0
Original release date: January 20, 2022 | Last revised: January 24, 2022CISA has released the final version of Internet Protocol version 6 (IPv6) Considerations for Trusted Internet Connections (TIC) 3.0. This guidance supports the federal government-wide deployment and use of[…]
Created on: Jan 20, 2022 | 06:51 am
Jan 20, 2022 | 06:51 am -
Zoho Releases Security Advisory for ManageEngine Desktop Central and Desktop Central MSP
Zoho Releases Security Advisory for ManageEngine Desktop Central and Desktop Central MSP
Original release date: January 19, 2022Zoho has released a security advisory to address an authentication bypass vulnerability (CVE-2021-44757) in ManageEngine Desktop Central and Desktop Central MSP. An attacker could exploit this vulnerability to take control of an affected system.CISA encourages[…]
Created on: Jan 19, 2022 | 08:51 am
Jan 19, 2022 | 08:51 am -
CISA Adds 13 Known Exploited Vulnerabilities to Catalog
CISA Adds 13 Known Exploited Vulnerabilities to Catalog
Original release date: January 18, 2022 | Last revised: January 21, 2022CISA has added 13 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These[…]
Created on: Jan 18, 2022 | 09:57 am
Jan 18, 2022 | 09:57 am
 |
High Desert Technology is a Complete IT Solution with a Privacy and Security Emphasis!
 |
 |