Home page logo

bugtraq logo Bugtraq mailing list archives

Re: BugTraq: EFS Win 2000 flaw
From: Rickard Berglind <Rickard.Berglind () EIKNES SE>
Date: Thu, 25 Jan 2001 16:29:08 +0100

Scott Culp, Security Program Manager wrote :

While EFS does indeed work as Rickard discusses, this is not new
information.  For instance, "Encrypting File System for Windows 2000"
ypt.asp, p 22) notes the following:

Since this white paper repeatedly stated that EFS will guard
user's data against attackers with physical access to the disk
it might seem a little strange to deliberately leave data
in plain text. With all respect, personally I am not sure if the fact
that you did know about this behaviour makes anything better or worse.

 From the same white paper, same page as noted earlier:

"An individual with physical access to the machine could potentially
attempt sophisticated attacks by going to the disk directly. Attempts
to read the data this way will fail because it is encrypted"

This is obviously not the entire truth because it only addresses
the encrypted file, which I am sure, is hard to gain access to.

For a programming layman it seems like a minor problem to include
code to properly overwrite the old file.

For your information: I did write to Microsoft both in Sweden and
in the US about one month ago and reporting what I found, but have
not yet received any response. Perhaps because this fact was known
and expected.

Rickard Berglind

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]