Security Featured Article

iViZ ,a company that specializes in on-demand penetration testing, announced its discovery of a new class of vulnerability. This vulnerability lets attackers steal computer boot passwords and reach the pre-boot authentication software like hard disk encryption tools. It can result in unauthorized access and theft of confidential data, contributing to an already big problem; for 2007, the global loss due to data theft was estimated at $40 billion.

 

"Surprisingly, this vulnerability has been existing for 25 years," said Jonathan Brossard, iViZ lead security researcher and discoverer of the vulnerability. "Programmers unaware of this security hole have coded boot password feature in such a way that user entered text do not get flushed from memory properly leading to inadvertent leakage and theft. Even hard-drive encryption does not help in this case,"

 

The vulnerability affects Microsoft (News - Alert) Bitlocker on the latest TPM (but not Vista SP1), Truecrypt, Intel/HP BIOS and others.

 

iViZ has already informed all the impacted vendors.

 

"We appreciate vendors like Microsoft, Intel (News - Alert), HP taking a proactive approach in providing fixes to users, " said Bikash Barai, CEO of iViZ. "iViZ is committed to initiatives making the web safe and would continue to conduct research that helps to secure organizations worldwide."

 

iViZ is an information security company that provides end-to-end, automated penetration testing on-demand. Its technology can simulate the intelligence of a human hacker and also detect all possible attack paths in a system or the network. It then provides the remedies also.

 

iViZ offers On-Demand Penetration Testing for proactive security risk management and compliance for standards such as SOX, PCI, HIPAA or ISO 27001. The Software-as-a-Service (SaaS (News - Alert)) model replaces the conventional time taking, costly and non-comprehensive manual testing. It provides the testing capability anytime, anywhere.