/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsLAS VEGAS, USA: iViZ, an on-demand penetration testing company, announced its discovery of a new class of vulnerability at Defcon 16, the security conference.
This vulnerability allows attackers to steal computer boot passwords and bypass the security of pre-boot authentication software like hard disk encryption tools. It affects general computer users, enterprises, governments and can result in unauthorized access or theft of confidential data. Incidentally, in 2007 the global loss due to data theft is estimated to be $40 billion.
Jonathan Brossard, lead security researcher, iViZ, and discoverer of this vulnerability, said: "Surprisingly, this vulnerability has been existing for 25 years. Programmers, unaware of this security hole, have coded boot password feature in such a way that user entered text do not get flushed from memory properly leading to inadvertent leakage and theft. Even hard-drive encryption does not help in this case. This vulnerability affects Microsoft Bitlocker on the latest TPM (but not Vista SP1), Truecrypt, Intel/HP BIOS and several others.
Bikash Barai, CEO, iViZ, said: "As a part of responsible disclosure practice, iViZ has already briefed all the affected vendors. We appreciate vendors such as Microsoft, Intel and HP taking a proactive approach in providing fixes to users. iViZ is committed to initiatives making the web safe and would continue to conduct research that helps to secure organisations worldwide.
Source: Business Wire