Re: "Because MS was just blindly trusting them all, they have to take some of the blame."
It would be interesting to know if MS was testing and vetting SSD encryption from various vendors before approving BitLocker to utilise it, or whether they were just allowing any device that stated that it supported hardware encryption to go ahead. If it's the former, their testing clearly could have been better. If it's the latter, it's a major risk if Bitlocker is allowing untested and potentially insecure hardware encryption to take the place of its own encryption capabilities.
Microsoft could well have tested this and still not found the problem, because the problem isn't with the encryption itself but an exploit on the attached password system. Nothing to do with AES. And these things have been out in the wild for a long time before this vulnerability has emerged and used by far more than just Microsoft. Microsoft is not everybody's parent. If someone plugs in hardware that later turns out to have a vulnerability, MS are not going to tell you at the time you can't use it.
Biting the hand that feeds IT
