Bugtraq mailing list archives
Re: BugTraq: EFS Win 2000 flaw
From: Jeremy Epstein <jepstein () WEBMETHODS COM>
Date: Mon, 22 Jan 2001 18:16:42 -0500
Russ,
> To the best of my knowledge, Peter Guttman(sp?) has demonstrated for years now that there is no form of over-writing which makes any substantial difference to the ability to recover previously written data from a computer hard disk.

You're correct that Peter Gutmann (note spelling) has shown that you can recover anything, given enough time & money, from an erased disk. It's not outrageously expensive or difficult, but it's certainly non-trivial. But I don't think that's what the point was. I think the point was that the data is NEVER overwritten on disk. That's much easier than Peter's schemes for retrieving data. You don't need any special hardware to do it, unlike Peter's schemes. [None of which is to take away from Peter's excellent research...]

> My understanding of current "high security" standards wrt the re-use of disks which previously contained classified materials is that they only be re-used in similarly classified systems, or, are destroyed beyond any form of molecular reconstruction (e.g. melted).

That's generally true, although it depends on how classified the data was. Disks containing Secret data could be reused for unclassified work with sufficient overwriting, but Top Secret was never reusable. That was a few years ago; it may have changed.

> So to suggest that your perceived EFS flaw can be resolved by over-writing is naive. The only solution is to encrypt in memory or use some removable partition as the temp space.

Disagree. Security isn't an absolute. Overwriting makes it significantly harder to recover deleted data, although certainly not impossible. It's enough of an impediment that it may encourage the attacker to go read someone else's disk. And that may be enough, depending on the sensitivity of the data.

--Jeremy