Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: BugTraq: EFS Win 2000 flaw
From: Kirk Corey <kcorey () dsi-inc net>
Date: Thu, 25 Jan 2001 10:10:17 -0600

-----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of
Attonbitus Deus
Sent: Thursday, January 25, 2001 1:26 AM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Re: BugTraq: EFS Win 2000 flaw


<snip>

Running to the docs?  Come on, man- all anyone has to do is a simple
Start-Help-"File Encryption" and they get plenty of
information on what to
do and what not to do.  It's not like we are talking about
doing hours of
research to uncover the hidden truth about temp file
creation.  The simple
point is that recommended procedures obviate the issue in
this case.  That's
that.  Microsoft is very clear about the propensity for
files, even temp
ones, to be written in the clear in other circumstances.

When I got to Start-Help-"File Encryption", it does tell me that I should
encrypt the folder and the file, but does not tell me that I should never
have created the file in an unencrypted state to begin with.  So, to get the
MS-recommended procedure, you do have to run to the docs (or Bugtraq).

I would also note that Microsoft's MCSE study guide for Windows 2000
Professional does recommend using encrypted folders, but does not explain
why (at least, not with reference to the issue at hand).  Nor does it
explain that what you want to do is to encrypt the folder, and then create
new files within it; the reader could easily assume that if they start with
an encrypted folder, and then move unencrypted files to that folder, they
have followed MS recommendations.

My $.02

Kirk

--------------------------------------------
Kirk Corey, MCP, CCNA
Manager, Information Technologies
Diversified Software Industries, Inc.
kcorey () dsi-inc net
http://www.dsi-inc.net/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault