Microsoft OneDrive - Encryption Keys Uploaded?
- Details
- Created on Tuesday, 23 December 2014 08:56
Microsoft OneDrive in NSA PRISM
A sends:
1) Bitlocker keys are uploaded to OneDrive by 'device encryption'.
"Unlike a standard BitLocker implementation, device encryption is enabled automatically so that the device is always protected.
...
If the device is not domain-joined a Microsoft Account that has been granted administrative privileges on the device is required. When the administrator uses a Microsoft account to sign in, the clear key is removed, a recovery key is uploaded to online Microsoft account and TPM protector is created."
http://technet.microsoft.com/en-us/library/dn306081.aspx
2) Device encryption is supported by Bitlocker for all SKUs that support connected standby. This would include Windows phones.
"BitLocker provides support for device encryption on x86 and x64-based computers with a TPM that supports connected stand-by. Previously this form of encryption was only available on Windows RT devices."
http://technet.microsoft.com/en-us/library/dn306081.aspx#BKM...
3) The tech media and feature articles recognise this.
"... because the recovery key is automatically stored in SkyDrive for you."
http://www.zdnet.com/surface-bitlocker-and-the-future-of-encryption-7000024613/
4) Here's how to recover your key from Sky/OneDrive.
"Your Microsoft account online. This option is only available on non-domain-joined PCs. To get your recovery key, go to ...onedrive.com..."
http://windows.microsoft.com/en-us/windows-8/bitlocker-recovery-keys-faq
5) SkyDrive (now named OneDrive) is onboarded to PRISM. (pg 26/27)
http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-
Documents-Uncompressed.pdf
Source http://cryptome.org/2014/11/ms-onedrive-nsa-prism.htm
Subscribe to our Newsletter
Search ALL Articles
Managed V. Non-Managed
US-CERT Latest Warnings
Latest US-CERT Released Warnings
-
CISA and CNMF Analysis of SolarWinds-related Malware
CISA and CNMF Analysis of SolarWinds-related Malware
Original release date: April 15, 2021CISA and the Department of Defense (DoD) Cyber National Mission Force (CNMF) have analyzed additional SolarWinds-related malware variants—referred to as SUNSHUTTLE and SOLARFLARE. One of the analyzed files was identified as a China Chopper webshell[…]
Created on: Apr 15, 2021 | 08:00 am
Apr 15, 2021 | 08:00 am -
NSA-CISA-FBI Joint Advisory on Russian SVR Targeting U.S. and Allied Networks
NSA-CISA-FBI Joint Advisory on Russian SVR Targeting U.S. and Allied Networks
Original release date: April 15, 2021CISA, the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) on Russian Foreign Intelligence Service (SVR) actors scanning for and exploiting vulnerabilities to compromise U.S.[…]
Created on: Apr 15, 2021 | 07:31 am
Apr 15, 2021 | 07:31 am -
Google Releases Security Updates for Chrome
Google Releases Security Updates for Chrome
Original release date: April 15, 2021Google has updated the stable channel for Chrome to 90.0.4430.72 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.CISA encourages users and administrators[…]
Created on: Apr 15, 2021 | 04:47 am
Apr 15, 2021 | 04:47 am -
Juniper Networks Releases Security Updates
Juniper Networks Releases Security Updates
Original release date: April 15, 2021Juniper Networks has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.CISA encourages users and administrators to review the Juniper[…]
Created on: Apr 15, 2021 | 04:45 am
Apr 15, 2021 | 04:45 am -
Threat Actors Targeting Cybersecurity Researchers
Threat Actors Targeting Cybersecurity Researchers
Original release date: April 14, 2021Google and Microsoft recently published reports on advanced persistent threat (APT) actors targeting cybersecurity researchers. The APT actors are using fake social media profiles and legitimate-looking websites to lure security researchers into visiting malicious websites[…]
Created on: Apr 14, 2021 | 07:54 am
Apr 14, 2021 | 07:54 am -
Google Releases Security Updates for Chrome
Google Releases Security Updates for Chrome
Original release date: April 13, 2021Google has updated the stable channel for Chrome to 89.0.4389.128 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome[…]
Created on: Apr 13, 2021 | 17:23 pm
Apr 13, 2021 | 17:23 pm -
SAP Releases April 2021 Security Updates
SAP Releases April 2021 Security Updates
Original release date: April 13, 2021SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.CISA encourages users and administrators to review the SAP Security[…]
Created on: Apr 13, 2021 | 14:09 pm
Apr 13, 2021 | 14:09 pm -
Apply Microsoft April 2021 Security Update to Mitigate Newly Disclosed Microsoft Exchange Vulnerabilities
Apply Microsoft April 2021 Security Update to Mitigate Newly Disclosed Microsoft Exchange Vulnerabilities
Original release date: April 13, 2021 | Last revised: April 14, 2021Microsoft's April 2021 Security Update mitigates significant vulnerabilities affecting on-premises Exchange Server 2013, 2016, and 2019. An attacker could exploit these vulnerabilities to gain access and maintain persistence on the[…]
Created on: Apr 13, 2021 | 09:41 am
Apr 13, 2021 | 09:41 am -
Adobe Releases Security Updates
Adobe Releases Security Updates
Original release date: April 13, 2021Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit these vulnerabilities to take control of an affected system.CISA encourages users and administrators to review the following Adobe Security[…]
Created on: Apr 13, 2021 | 09:30 am
Apr 13, 2021 | 09:30 am -
Updates on Microsoft Exchange Server Vulnerabilities
Updates on Microsoft Exchange Server Vulnerabilities
Original release date: April 12, 2021CISA has added two new Malware Analysis Reports (MARs) to Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities. MAR-10331466-1.v1: China Chopper Webshell identifies a China Chopper webshell observed in post-compromised Microsoft Exchange Servers. After successfully exploiting[…]
Created on: Apr 12, 2021 | 10:19 am
Apr 12, 2021 | 10:19 am
 |
High Desert Technology is a Complete IT Solution with a Privacy and Security Emphasis!
 |
 |