NASA Employees Warned About Windows Vista Security Loophole
Vista Ultimate and Enterprise editions are the greatest risk unless administrators take preventive steps, the agency says.
Computer security specialists at NASA have warned employees of the space agency not to let down their guard just because they may be using workstations or laptops armed with BitLocker, an encryption feature found on the Ultimate and Enterprise editions of Microsoft's Windows Vista operating system.
NASA is concerned about a loophole in BitLocker that could allow thieves to access data from a stolen computer or laptop despite encryption.
A document posted on NASA's Web site notes that BitLocker can be configured to require users to insert a USB authentication key into their PCs or laptops in order to boot up. However, it cautions that this feature doesn't work if users shut down their computers in "sleep" mode.
The security feature does work if a machine is set to "hibernate" rather than sleep, so NASA has issued the following directive to its IT managers: "An administrator can reduce the risk of circumvention of BitLocker (through theft of a 'sleeping' rather than 'hibernating' machine) by reducing the duration before the machine goes into hibernation."
The undated document was authored by Aaron Powell and Christopher Vincent, two security specialists who work on NASA's Scientific and Engineering Workstation Procurement Contract, a program through which NASA and related agencies acquire hardware and software.
Building A Mobile Business MindsetAmong 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.