Bugtraq mailing list archives
Re: BugTraq: EFS Win 2000 flaw
From: Attonbitus Deus <Thor () HAMMEROFGOD COM>
Date: Thu, 25 Jan 2001 09:39:23 -0800
When I got to Start-Help-"File Encryption", it does tell me that I should encrypt the folder and the file, but does not tell me that I should never have created the file in an unencrypted state to begin with. So, to get
the
MS-recommended procedure, you do have to run to the docs (or Bugtraq).
Hmmm. I noticed that the docs also fail to notify me that if I printed out copies of my previously unencrypted files, that the print-outs are not automatically converted with the file. Should they also explicitly point out that if I save a piece of text from an email and encrypt it, that the original email is not automatically destroyed? The fate of original plain text copies of documents we choose to subsequently encrypt is absolutely the responsibility of the user. This thread has mutated into a different being from the original issue, which is that if an unencrypted file outside an encrypted directory is encrypted in said unencrypted directory, that the .tmp file created in the unencrypted dir and subsequently deleted is not then securely wiped. So, yes, if one did encrypt a file in this manner, AND someone breaks in and rips off your hard drive, AND they don't figure out your password is "#BrittanySpears" AND you have correctly removed the restore cert AND the data has not been overwritten AND they decide to go through a sector-by-sector scan of your drives then they MAY actually see little bits of text here and there alluding the to secret hiding place of your porno collection. As Dan Kaminski said, MS may actually add a wipe function to the crypto procedure, but I'm not holding my breath. Like any potentially complex technology, find out what you are doing before you jump in, and don't expect a dialog box to pop up warning you of the consequences of every conceivable circumstance, and don't expect Microsoft to have someone walk behind you with a giant pooper-scooper. Now, all that being said, I would like to point out that I do not intend to belittle Rickard's find in and of itself- I simply exert, as if my opinion really means anything, that it is not a major security issue. I find the issue itself fascinating, and it is something that I would not have ever discovered on my own. Rickard, Ryan, Dan, and others have lead many of us to more deeply explore EFS, and that is a good thing. I even learned a new acronym "RTFM," which I initially thought was a disparaging remark towards my mother. Whew. I'm done now. AD
Current thread:
- Re: BugTraq: EFS Win 2000 flaw, (continued)
- Re: BugTraq: EFS Win 2000 flaw Dan Kaminsky (Jan 24)
- Re: BugTraq: EFS Win 2000 flaw Russ (Jan 22)
- Re: BugTraq: EFS Win 2000 flaw Dan Kaminsky (Jan 23)
- Re: BugTraq: EFS Win 2000 flaw Timothy J. Miller (Jan 23)
- Re: BugTraq: EFS Win 2000 flaw Ryan Russell (Jan 23)
- Re: BugTraq: EFS Win 2000 flaw Jeremy Epstein (Jan 23)
- Re: BugTraq: EFS Win 2000 flaw Attonbitus Deus (Jan 23)
- Re: BugTraq: EFS Win 2000 flaw Dan Kaminsky (Jan 24)
- Re: BugTraq: EFS Win 2000 flaw Attonbitus Deus (Jan 25)
- Re: BugTraq: EFS Win 2000 flaw Kirk Corey (Jan 25)
- Re: BugTraq: EFS Win 2000 flaw Attonbitus Deus (Jan 25)
- Re: BugTraq: EFS Win 2000 flaw Dan Kaminsky (Jan 23)
- Re: BugTraq: EFS Win 2000 flaw Ryan Russell (Jan 24)