According to the researcher, YellowKey appears unusual for a previously unknown security bug. Nightmare-Eclipse explained that the flaw can be reproduced by copying an attached "FsTx" folder...
Microsoft is the developer of the vulnerable bitlocker package and the ones who chose to ship it.
… one guy claims.
Another possibility is that they have two separate builds fro BitLocker, and the one used in WinRE is vulnerable which they missed.
We don’t have enough information to clearly state that they did this on purpose.
We can know for FOSS software. You are treating uknownable as being less than the known bugs in Foss software. That’s dishonest, lad.
Again, read up about the XZ Utils vulnerability. We technically can know, but we don’t know, which was a statement by the guy responsible for package. It’s not dishonest, it’s a statement of fact.
If you actually read his github you would know that there is a different version of the responsible component between the recovery environment and an installation. Only the RE has the issue.
I’ve read the XZ vulnerability. The very same thing can happen in a closed source corporate project. There are many arrests of foreign intelligence agents that worked in big tech amd/government.
It would of course be easier to cover up. As would vulnerabilities discovered by ai, since they can limit who can check their code.
If you actually read his github you would know that there is a different version of the responsible component between the recovery environment and an installation. Only the RE has the issue.
I know. It was mentioned in the article. It’s precisely why I said:
Another possibility is that they have two separate builds fro BitLocker, and the one used in WinRE is vulnerable which they missed.
… one guy claims.
Another possibility is that they have two separate builds fro BitLocker, and the one used in WinRE is vulnerable which they missed.
We don’t have enough information to clearly state that they did this on purpose.
Again, read up about the XZ Utils vulnerability. We technically can know, but we don’t know, which was a statement by the guy responsible for package. It’s not dishonest, it’s a statement of fact.
If you actually read his github you would know that there is a different version of the responsible component between the recovery environment and an installation. Only the RE has the issue.
I’ve read the XZ vulnerability. The very same thing can happen in a closed source corporate project. There are many arrests of foreign intelligence agents that worked in big tech amd/government. It would of course be easier to cover up. As would vulnerabilities discovered by ai, since they can limit who can check their code.
I know. It was mentioned in the article. It’s precisely why I said: