Bugtraq mailing list archives

Re: BugTraq: EFS Win 2000 flaw
From: Bryce Walter <brycewalter () HOTMAIL COM>
Date: Mon, 22 Jan 2001 22:46:34 -0000

One of the advertised features of EFS was protection of data in the event of,
say, a stolen laptop.  EFS was supposed to protect against someone throwing
the hard drive into another system that they did have admin access on, and
circumventing the NTFS permissions in that manner.

Again this issue shows that physical security is the underlying trump card.

Correct me if I'm wrong, but the use of programs that utilize direct disk
access (such as DiskProbe) is restricted to the Local Administrator
account (as per
nt.asp). If a would-be attacker has this kind of access, he automatically
has sufficient power (due to the existence of the recovery agent
certificate, unless the computer is part of a domain (but that's another
story)) to decrypt any locally stored file.
