• Alaknár@sopuli.xyz · 1 day ago · ↑3 ↓15

    > > They will be patched. There is also no indication that they've been known and exploited till recently.

    > Two of the three are being used in the wild, with Copy Fail being retroactively found at least 9 days before the disclosure.

    What are the indications that the BitLocker vulnerability is already being utilised?

    > This was allegedly deliberately non patched to be exploited.

    Alleged by a guy who was fired from Microsoft. I’d take that with a pinch of salt.

    > Getting a system without bugs and security issues is impossible, you can at least avoid intentional compromise.

    I agree! But other than one angry dude, not much else is pointing towards this being intentional - so far! Let’s see how things go.

    That being said, open source repos are being attacked constantly with attempts at intentional malicious code injection - I’m sure you’ve heard of XZ Utils? How many others went through and are being exploited without anyone noticing?

    • youmaynotknow@lemmy.zip · 1 day ago · ↑14 ↓2

      Dude, enjoy your Windows then. This is not Twitter (or X or whatever) where you can go do your master’s bidding of creating noise to try and control the normies. Here most of us know how to do research and have the ability to differentiate bots (human or otherwise) from actual thinking individuals with a modicum of common sense and more than 2 functioning brain cells.

      Look at your down-votes and take a hint. That bullshit has no effect here.

        • Alaknár@sopuli.xyz · 1 day ago · ↑4 ↓10

        > Dude, enjoy your Windows then.

        Well, I’m a Linux user so I can’t.

        > This is not Twitter (or X or whatever) where you can go do your master’s bidding of creating noise to try and control the normies

        Of course you can! Just like on every other social media! What are you even talking about? :D

        > Here most of us know how to do research and have the ability to differentiate bots (human or otherwise) from actual thinking individuals with a modicum of common sense and more than 2 functioning brain cells.

        You’d think that, but if you actually know a bit about tech, this community is hilariously ignorant most of the time - on all the matters you mentioned. :D

        > Look at your down-votes and take a hint. That bullshit has no effect here.

        The hint is that this community is extremely aggressive towards language that goes against the hive-mind. The bullshit has no effect because people can’t differentiate what’s bullshit and what isn’t, so they just automatically assume any statement that isn’t violently anti-MS is bullshit spewed by bots at their master’s bidding.

        Take your comment as example…

          • youmaynotknow@lemmy.zip · 24 hours ago · ↑1

          I’ll absolutely agree on that one part of your comment. At this point, any comment that remotely seems like it’s defending anything Microsoft does to me is now considered bullshit attempts by MS to clear their name to some extent. When a company is so consistently voicing lies all over the place, their actions display those lies in clear light, and someone is defending any of it, yeah, no use in even looking into it, so it goes into the ‘planted bot’ bag out of principle alone.

          One more thing I’ll agree on is the hive mind mentality, and we all live through that to some degree, no exceptions. We would all like to think we’re this individual entity with minds of our own influenced by nothing and no-one, but we all know that’s bullshit, unless you live in a cave at the top of Mount Everest and your community is made out of fucking squirrels and frozen rocks (no idea if there are caves or squirrels on Mount Everest, or rocks for that matter, I pulled those out of my ass). We do have the ability to question everything.

          Now, while there’s all kinds of people in Lemmy, there are only 2 main groups that then branch out to the other sub-groups. There’s those of us that want a less “moderated by what may damage the ‘company’” content and discussions, and then there’s those that are here to disrupt and misinform, regardless of if it’s of their own volition or if there’s someone above them pushing it, whatever the intention may be. You’re so clearly part of the latter that blocking you, like you suggested to someone else, would be to your advantage alone, not the community’s. For example, why did you only take a snippet of my comment about how this is not Twitter instead of the whole paragraph? I’ll tell you why. This is the same behavior used by some Christian pastors to manipulate people by reading some small parts of the Bible to eliminate the original context and inject their own. You’re too fucking transparent, try harder.

          That’s all I have in terms of responses to your

            • Alaknár@sopuli.xyz · 5 hours ago · ↑3 ↓1

            I wish you all the luck in regaining a bit of happiness in life, so that you can stop with this insane “us vs them” bullshit. It’s unhealthy, mate.

              • youmaynotknow@lemmy.zip · 2 hours ago · ↑2

              Thanks. I’m happy like this. Publicly hating on Microsoft without rhyme or reason is always the highlight of my day.

    • azuth@sh.itjust.works · 21 hours ago · ↑2

      > What are the indications that the BitLocker vulnerability is already being utilized?

      Microsoft shipping a vulnerable version of the recovery environment. It is the ‘exploit’.

      > Alleged by a guy who was fired from Microsoft. I’d take that with a pinch of salt.

      Such is the nature of closed source software. You select people who will remain complicit till they have a grievance against you. Even if they don’t and talked for moral reasons, do you think they would not have been fired for it?

      > That being said, open source repos are being attacked constantly with attempts at intentional malicious code injection - I’m sure you’ve heard of XZ Utils? How many others went through and are being exploited without anyone noticing?

      Who knows. How many more went through at closed source software a limited amount of people can test in the same way?

        • Alaknár@sopuli.xyz · 5 hours ago · ↑2 ↓2

        > Microsoft shipping a vulnerable version of the recovery environment. It is the ‘exploit’.

        Red Hat and Canonical shipped a vulnerable version of SSH, the thing was caught basically hours before hitting all devices around the world.

        Should Red Hat and Canonical be now considered hostile as much as MS is?

        > You select people who will remain complicit till they have a grievance against you. Even if they don’t and talked for moral reasons, do you think they would not have been fired for it?

        I can only answer by saying this: I wish you luck in the job market and hope you’ll eventually find an employer you don’t assume to be a hostile entity towards you.

        > Who knows. How many more went through at closed source software a limited amount of people can test in the same way?

        This is the equivalent of “prove that God doesn’t exist”. We can’t know because they haven’t been found, mate.

          • azuth@sh.itjust.works · 3 hours ago · ↑1

          Were they the developers of the SSH package? Microsoft is the developer of the vulnerable BitLocker package and the ones who chose to ship it.

          I am employed; most employers are obviously not as corrupt as the biggest corporations on the planet, they simply can’t afford to be.

          I agree we can’t know. We can know for FOSS software. You are treating the unknowable as being less than the known bugs in FOSS software. That’s dishonest, lad.

            • Alaknár@sopuli.xyz · 3 hours ago · ↑1

            > Microsoft is the developer of the vulnerable BitLocker package and the ones who chose to ship it.

            … one guy claims.

            Another possibility is that they have two separate builds for BitLocker, and the one used in WinRE is vulnerable, which they missed.

            We don’t have enough information to clearly state that they did this on purpose.

            > We can know for FOSS software. You are treating the unknowable as being less than the known bugs in FOSS software. That’s dishonest, lad.

            Again, read up about the XZ Utils vulnerability. We technically can know, but we don’t know, which was a statement by the guy responsible for the package. It’s not dishonest, it’s a statement of fact.

              • azuth@sh.itjust.works · 2 hours ago · ↑1

              If you actually read his GitHub you would know that there is a different version of the responsible component between the recovery environment and an installation. Only the RE has the issue.

              I’ve read the XZ vulnerability. The very same thing can happen in a closed source corporate project. There are many arrests of foreign intelligence agents that worked in big tech and/or government. It would of course be easier to cover up. As would vulnerabilities discovered by AI, since they can limit who can check their code.