Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: BugTraq: EFS Win 2000 flaw
From: Attonbitus Deus <Thor () HAMMEROFGOD COM>
Date: Wed, 24 Jan 2001 23:26:25 -0800

----- Original Message -----
From: "Dan Kaminsky" <dankamin () cisco com>
<snip>

If you ask me, the user interface itself is the most important
documentation--it's the only thing that, if it's incorrect, is
*guaranteed*
to lead to the wrong thing being done.

You mean like the ISO software running on your routers?  Example: the
access-list logic is different when a crypto map is applied to a sub
interface and matched to the access-list ID; the 'permit' statement no
longer really means 'permit' in its original context.  There is no warning
of this in the user interface at all.  Your engineers expect that I have at
least done a little research before using encryption on a Cisco router, or
it will not work.  It's not that the interface gives me incorrect
information, it gives me none at all.  Of course, I really don't expect you
warn me at every turn because you can't.  The users have to take a little
responsibility for the way they do things, even if they don't want to.


I think my real problem with people running to the docs is that, quite
frankly, the *reason* for something to be recommended is *critical*.

Running to the docs?  Come on, man- all anyone has to do is a simple
Start-Help-"File Encryption" and they get plenty of information on what to
do and what not to do.  It's not like we are talking about doing hours of
research to uncover the hidden truth about temp file creation.  The simple
point is that recommended procedures obviate the issue in this case.  That's
that.  Microsoft is very clear about the propensity for files, even temp
ones, to be written in the clear in other circumstances.

MS is failing to overwrite, even once, either the original file or the
.tmp
file that EFS creates.  That's a bug.

I never said it wasn't a bug, though I am still out on that (and sorry about
spelling 'perceived' incorrectly in my response).  I am saying it is not a
major security issue.

That is the skinny on that.
---------------------------------
Attonbitus Deus
Thor () HammerofGod Com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]