Bugtraq mailing list archives
Re: BugTraq: EFS Win 2000 flaw
From: Kirk Corey <kcorey () dsi-inc net>
Date: Thu, 25 Jan 2001 10:10:17 -0600
-----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of Attonbitus Deus
Sent: Thursday, January 25, 2001 1:26 AM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Re: BugTraq: EFS Win 2000 flaw
<snip>
Running to the docs? Come on, man- all anyone has to do is a simple Start-Help-"File Encryption" and they get plenty of information on what to do and what not to do. It's not like we are talking about doing hours of research to uncover the hidden truth about temp file creation. The simple point is that recommended procedures obviate the issue in this case. That's that. Microsoft is very clear about the propensity for files, even temp ones, to be written in the clear in other circumstances.
When I got to Start-Help-"File Encryption", it does tell me that I should encrypt the folder and the file, but does not tell me that I should never have created the file in an unencrypted state to begin with. So, to get the MS-recommended procedure, you do have to run to the docs (or Bugtraq).

I would also note that Microsoft's MCSE study guide for Windows 2000 Professional does recommend using encrypted folders, but does not explain why (at least, not with reference to the issue at hand). Nor does it explain that what you want to do is to encrypt the folder, and then create new files within it; the reader could easily assume that if they start with an encrypted folder, and then move unencrypted files to that folder, they have followed MS recommendations.

My $.02

Kirk

--------------------------------------------
Kirk Corey, MCP, CCNA
Manager, Information Technologies
Diversified Software Industries, Inc.
kcorey () dsi-inc net
http://www.dsi-inc.net/