Bugtraq mailing list archives

Re: BugTraq: EFS Win 2000 flaw

From: Russ <Russ.Cooper () RC ON CA>
Date: Fri, 19 Jan 2001 15:10:12 -0500

To the best of my knowledge, Peter Guttman(sp?) has demonstrated for years
now that there is no form of over-writing which makes any substantial
difference to the ability to recover previously written data from a computer
hard disk.

My understanding of current "high security" standards wrt the re-use of
disks which previously contained classified materials is that they only be
re-used in similarly classified systems, or, are destroyed beyond any form
of molecular reconstruction (e.g. melted).

So to suggest that your perceived EFS flaw can be resolved by over-writing
is naive. The only solution is to encrypt in memory or use some removable
partition as the temp space.

Anyone know if PGPdisk works differently than EFS does?

Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

Current thread:

BugTraq: EFS Win 2000 flaw Rickard Berglind (Jan 19)
- Re: BugTraq: EFS Win 2000 flaw Alexander Ivanchev (Jan 22)
  - Re: BugTraq: EFS Win 2000 flaw Dan Kaminsky (Jan 24)
- <Possible follow-ups>
- Re: BugTraq: EFS Win 2000 flaw Russ (Jan 22)
  - Re: BugTraq: EFS Win 2000 flaw Dan Kaminsky (Jan 23)
    - Re: BugTraq: EFS Win 2000 flaw Timothy J. Miller (Jan 23)
  - Re: BugTraq: EFS Win 2000 flaw Ryan Russell (Jan 23)
  - Re: BugTraq: EFS Win 2000 flaw Jeremy Epstein (Jan 23)
  - Re: BugTraq: EFS Win 2000 flaw Attonbitus Deus (Jan 23)
    - Re: BugTraq: EFS Win 2000 flaw Dan Kaminsky (Jan 24)
    - Re: BugTraq: EFS Win 2000 flaw Attonbitus Deus (Jan 25)
    - Re: BugTraq: EFS Win 2000 flaw Kirk Corey (Jan 25)
    - Re: BugTraq: EFS Win 2000 flaw Attonbitus Deus (Jan 25)
- Re: BugTraq: EFS Win 2000 flaw Bryce Walter (Jan 23)

(Thread continues...)