Microsoft OneDrive - Encryption Keys Uploaded?
- Details
- Created on Tuesday, 23 December 2014 08:56
Microsoft OneDrive in NSA PRISM
A sends:
1) Bitlocker keys are uploaded to OneDrive by 'device encryption'.
"Unlike a standard BitLocker implementation, device encryption is enabled automatically so that the device is always protected.
...
If the device is not domain-joined a Microsoft Account that has been granted administrative privileges on the device is required. When the administrator uses a Microsoft account to sign in, the clear key is removed, a recovery key is uploaded to online Microsoft account and TPM protector is created."
http://technet.microsoft.com/en-us/library/dn306081.aspx
2) Device encryption is supported by Bitlocker for all SKUs that support connected standby. This would include Windows phones.
"BitLocker provides support for device encryption on x86 and x64-based computers with a TPM that supports connected stand-by. Previously this form of encryption was only available on Windows RT devices."
http://technet.microsoft.com/en-us/library/dn306081.aspx#BKM...
3) The tech media and feature articles recognise this.
"... because the recovery key is automatically stored in SkyDrive for you."
http://www.zdnet.com/surface-bitlocker-and-the-future-of-encryption-7000024613/
4) Here's how to recover your key from Sky/OneDrive.
"Your Microsoft account online. This option is only available on non-domain-joined PCs. To get your recovery key, go to ...onedrive.com..."
http://windows.microsoft.com/en-us/windows-8/bitlocker-recovery-keys-faq
5) SkyDrive (now named OneDrive) is onboarded to PRISM. (pg 26/27)
http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-
Documents-Uncompressed.pdf
Source http://cryptome.org/2014/11/ms-onedrive-nsa-prism.htm
Subscribe to our Newsletter
Search ALL Articles
Managed V. Non-Managed
US-CERT Latest Warnings
Latest US-CERT Released Warnings
-
Cisco Releases Security Updates
Cisco Releases Security Updates
Original release date: February 20, 2019Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users[…]
Created on: Feb 20, 2019 | 13:23 pm
Feb 20, 2019 | 13:23 pm -
VMware Releases Security Updates
VMware Releases Security Updates
Original release date: February 15, 2019VMware has released security updates to address a vulnerability affecting multiple VMware products. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and[…]
Created on: Feb 15, 2019 | 16:06 pm
Feb 15, 2019 | 16:06 pm -
Mozilla Releases Security Update for Thunderbird
Mozilla Releases Security Update for Thunderbird
Original release date: February 14, 2019Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and[…]
Created on: Feb 14, 2019 | 12:22 pm
Feb 14, 2019 | 12:22 pm -
Mozilla Releases Security Updates for Firefox
Mozilla Releases Security Updates for Firefox
Original release date: February 12, 2019Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.The National Cybersecurity and Communications Integration Center (NCCIC),[…]
Created on: Feb 12, 2019 | 16:26 pm
Feb 12, 2019 | 16:26 pm -
Microsoft Releases February 2019 Security Updates
Microsoft Releases February 2019 Security Updates
Original release date: February 12, 2019Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The National Cybersecurity and Communications Integration Center (NCCIC), part[…]
Created on: Feb 12, 2019 | 12:12 pm
Feb 12, 2019 | 12:12 pm -
Internet Romance Scams
Internet Romance Scams
Original release date: February 12, 2019The Federal Trade Commission (FTC) has released an article addressing a rise in reports of internet romance scams. In this type of fraud, cyber criminals gain the confidence of their victims and trick them into[…]
Created on: Feb 12, 2019 | 11:28 am
Feb 12, 2019 | 11:28 am -
Cisco Releases Security Update
Cisco Releases Security Update
Original release date: February 12, 2019Cisco has released a security update to address a vulnerability in Network Assurance Engine. An attacker could exploit this vulnerability to obtain sensitive information.The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity[…]
Created on: Feb 12, 2019 | 10:35 am
Feb 12, 2019 | 10:35 am -
Adobe Releases Security Updates
Adobe Releases Security Updates
Original release date: February 12, 2019Adobe has released security updates to address vulnerabilities affecting Adobe Flash Player, Acrobat and Reader, ColdFusion, and Creative Cloud Desktop Application. An attacker could exploit some of these vulnerabilities to take control of an affected[…]
Created on: Feb 12, 2019 | 08:39 am
Feb 12, 2019 | 08:39 am -
New Session Added: CISA Awareness Briefing on Chinese Malicious Cyber Activity
New Session Added: CISA Awareness Briefing on Chinese Malicious Cyber Activity
Original release date: February 12, 2019The Cybersecurity and Infrastructure Security Agency (CISA) has added an additional session to the virtual awareness briefing on Chinese malicious cyber activity targeting managed service providers. The briefing will be held on Thursday, February 14,[…]
Created on: Feb 12, 2019 | 05:19 am
Feb 12, 2019 | 05:19 am -
runc Open-Source Container Vulnerability
runc Open-Source Container Vulnerability
Original release date: February 11, 2019 | Last revised: February 12, 2019The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a vulnerability affecting several open-source container management systems that[…]
Created on: Feb 11, 2019 | 11:26 am
Feb 11, 2019 | 11:26 am
 |
High Desert Technology is a Complete IT Solution with a Privacy and Security Emphasis!
 |
 |