Tag: Microsoft

Microsoft Announces Plans to Add DNS Over HTTPS to Windows

Nice to see Microsoft join the DNS Over HTTPS crowd.

Here in Windows Core Networking, we’re interested in keeping your traffic as private as possible, as well as fast and reliable. While there are many ways we can and do approach user privacy on the wire, today we’d like to talk about encrypted DNS. Why? Basically, because supporting encrypted DNS queries in Windows will close one of the last remaining plain-text domain name transmissions in common web traffic.

Providing encrypted DNS support without breaking existing Windows device admin configuration won’t be easy. However, at Microsoft we believe that “we have to treat privacy as a human right. We have to have end-to-end cybersecurity built into technology.”

We also believe Windows adoption of encrypted DNS will help make the overall Internet ecosystem healthier. There is an assumption by many that DNS encryption requires DNS centralization. This is only true if encrypted DNS adoption isn’t universal. To keep the DNS decentralized, it will be important for client operating systems (such as Windows) and Internet service providers alike to widely adopt encrypted DNS.

Black Hat Presentation – Bypassing Local Windows Authentication to Defeat Full Disk Encryption

Ian Haken makes a fascinating presentation of his research on bypassing Bitlocker on a Windows machine if you have physical access to the machine you’re trying to crack into. Especially interesting is the point Haken makes at the end that this particular attack worked (Microsoft has since fixed this particular issue)  because of assumptions about the security model that Microsoft made years ago that are no longer true–but those assumptions are instantiated in the way that various parts of Windows authentication works.