SECURITY: Microsoft will provide BitLocker recovery keys to the FBI

Friday, January 30, 2026

https://www.ghacks.net/2026/01/24/microsoft-confirms-it-can-share-windows-11-bitlocker-keys-with-law-enforcement/

Microsoft Confirms It Can Share Windows 11 BitLocker Keys With Law Enforcement
Arthur K
Jan 24, 2026

*** begin quote ***

Microsoft has confirmed that it will provide BitLocker recovery keys to the Federal Bureau of Investigation if presented with a valid legal request. The confirmation follows reporting that Microsoft supplied encryption keys to law enforcement during a criminal investigation in 2025.

The situation is tied directly to how Windows 11 handles device encryption by default. When a user signs in with a Microsoft Account, the operating system automatically backs up the device’s BitLocker recovery key to Microsoft’s cloud unless the user explicitly chooses another option during setup.

*** end quote ***

This is “an upsetting disclosure”. 

Computer noobs, and average Users will incorrectly assume that their “keys” are only theirs to control.

Like the bitcoin admonition, “not your keys; not your coins”, if anyone has your “encryption keys” they have your data.

The important part to be aware of is that the technology company who gives up your keys is under no obligation to inform you.  Then may even be “silenced” by the court order.

The internet, a while ago, developed the “warrant canary”, which is displayed on their website. When served with a gag order, they take the canary down.  You can be silenced but you can not be forced to display it.  Your Users can infer from its absence that you have been served.

When the Gooferment exceeds its Constitutional role, our liberty is at risk.  Hence I urge every one to display the “warrant canary” to demonstrate their commitment to the First Amendment and free speech.

“The Founders knew that a democracy would lead to some kind of tyranny. The term democracy appears in none of our Founding documents. Their vision for us was a Republic and limited government.” — Walter E. Williams  

— 30 —

Leave a Comment » | SECURITY | Tagged: , , , , , | Permalink
Posted by reinkefj

SECURITY: Email is NOT secure; password resets by email is just stupid!

Wednesday, May 3, 2023

https://www.ghacks.net/2023/04/28/protect-your-money-att-email-accounts-under-attack-by-hackers/

Protect your money: AT&T email accounts under attack by hackers
Onur Demirkol
Apr 28, 2023

*** begin quote ***

A recent report says that hackers have been breaking into email addresses provided by AT&T and stealing huge amounts of cryptocurrency.

According to a report from Tech Crunch, unknown hackers have been hacking email addresses provided by AT&T to steal cryptocurrency from users. The report says that the attacks started at the beginning of April by a gang of cybercriminals. They found a way to hack into email addresses and steal people’s money on crypto.

The hackers have gained access to a section of AT&T’s internal network, allowing them to generate mail keys for any user. Mail keys are used by AT&T users to log into their accounts with third-party apps like Outlook without using their passwords. In other words, they are a kind of “secure measure” that allows log-ins from third-party apps.

*** and ***

If you own an email account provided by AT&T, you might want to improve your security measures or the different precautions. The affected email addresses include att.net, sbcglobal.net, bellsouth.net, and other AT&T email addresses.

*** end quote ***

As a former Wall Street InfoSec guy, I never allowed my enterprises passwords to be reset by email.

Guess I was a little ahead of my time and a lot of good it did me.

Argh!

—30—

Leave a Comment » | SECURITY | Tagged: , , , , , | Permalink
Posted by reinkefj