
I can't speak to FileVault, but BitLocker and TPM can be quite easily defeated through sniffing the BitLocker key as it's transmitted from the TPM chip to the CPU to decrypt the drive on boot over the LPC, I2C, or SPI bus. Unless you enable TPM+PIN for preboot auth you can't easily protect the data on a Windows PC, even with FDE.
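
A way to audit for the TPM-only configuration this comment describes, as an added example that is not part of the original comment. The function name `Get-PrebootAuthStatus` and the sample records are constructed for illustration; the live branch uses the `Get-BitLockerVolume` cmdlet and needs an elevated session on Windows.

```powershell
# Added example: classify a volume by whether unlocking it requires pre-boot
# input (PIN or startup key) or whether the TPM releases the key unattended.
function Get-PrebootAuthStatus {
    param(
        [Parameter(Mandatory)] [string] $MountPoint,
        [Parameter(Mandatory)] [string] $ProtectionStatus,   # 'On', 'Off', 'Unknown'
        [string[]] $ProtectorTypes = @()
    )
    # Protector types where the TPM only releases the key after user input.
    $preboot    = 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'
    $hasPreboot = @($ProtectorTypes | Where-Object { $_ -in $preboot }).Count -gt 0
    $hasTpmOnly = $ProtectorTypes -contains 'Tpm'

    $verdict = if ($ProtectionStatus -ne 'On') { 'NotProtected' }
    elseif ($hasTpmOnly) { 'TpmOnly' }          # key crosses the bus with no user input
    elseif ($hasPreboot) { 'PrebootAuth' }
    else { 'NoTpmProtector' }

    [pscustomobject]@{
        MountPoint = $MountPoint
        Verdict    = $verdict
        Protectors = $ProtectorTypes -join ','
    }
}

# Constructed sample records, so the logic can be read without BitLocker present.
$samples = @(
    @{ MountPoint = 'C:'; ProtectionStatus = 'On';  ProtectorTypes = 'Tpm', 'RecoveryPassword' },
    @{ MountPoint = 'C:'; ProtectionStatus = 'On';  ProtectorTypes = 'TpmPin', 'RecoveryPassword' },
    @{ MountPoint = 'C:'; ProtectionStatus = 'Off'; ProtectorTypes = @() }
)
foreach ($s in $samples) { Get-PrebootAuthStatus @s }

# On a real host, feed the same function from Get-BitLockerVolume.
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    foreach ($v in Get-BitLockerVolume) {
        $types = @($v.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        Get-PrebootAuthStatus -MountPoint $v.MountPoint `
            -ProtectionStatus "$($v.ProtectionStatus)" -ProtectorTypes $types
    }
}
```

Volumes reported as `TpmOnly` are the ones that unlock with no pre-boot authentication.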


Pretty much every company does preboot auth nowadays for Windows laptops. And remote wipe is also possible, as the side comment says.

Letting the former employee keep the laptop is the default, IMO. Although, frankly, I am not sure I would want to keep mine... sitting on a pile of a dozen laptops accumulated over the years.

And everyone watches porn on their own devices anyway.


> sitting on a pile of a dozen laptops accumulated over the years.

Low power consumption and can probably run a couple of VMs, albeit not super well but well enough.


If there's a remote wipe done (one click in MDM software) then there is no key left.



