Bugtraq mailing list archives
Re: BugTraq: EFS Win 2000 flaw
From: Bryce Walter <brycewalter () HOTMAIL COM>
Date: Mon, 22 Jan 2001 22:46:34 -0000
One of the advertised features of EFS was protection of data in the event of say a stolen laptop. EFS was supposed to protect against someone throwing the harddrive into another system that they did have admin access on, and circumventing the NTFS permissions in that manner. Again this issue shows that physical security is the underlying trump card. --------------
Correct me if I'm wrong, but the use of programs that utilize direct disk access (such as DiskProbe) is restricted to the Local Administrator account (as per http://www.microsoft.com/windows2000/guide/professional/solutions/manageme nt.asp). If an would be attacker has this kind of access, he automatically has the sufficient power (due to the existence of the recovery agent certificate, unless the computer is part of a domain (but that's another story) to decrypt any locally stored file.
_________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com
Current thread:
- Re: BugTraq: EFS Win 2000 flaw, (continued)
- Re: BugTraq: EFS Win 2000 flaw Russ (Jan 22)
- Re: BugTraq: EFS Win 2000 flaw Dan Kaminsky (Jan 23)
- Re: BugTraq: EFS Win 2000 flaw Timothy J. Miller (Jan 23)
- Re: BugTraq: EFS Win 2000 flaw Ryan Russell (Jan 23)
- Re: BugTraq: EFS Win 2000 flaw Jeremy Epstein (Jan 23)
- Re: BugTraq: EFS Win 2000 flaw Attonbitus Deus (Jan 23)
- Re: BugTraq: EFS Win 2000 flaw Dan Kaminsky (Jan 24)
- Re: BugTraq: EFS Win 2000 flaw Attonbitus Deus (Jan 25)
- Re: BugTraq: EFS Win 2000 flaw Kirk Corey (Jan 25)
- Re: BugTraq: EFS Win 2000 flaw Attonbitus Deus (Jan 25)
- Re: BugTraq: EFS Win 2000 flaw Dan Kaminsky (Jan 23)
- Re: BugTraq: EFS Win 2000 flaw Russ (Jan 22)
- Re: BugTraq: EFS Win 2000 flaw Ryan Russell (Jan 24)