Bugtraq mailing list archives

Re: BugTraq: EFS Win 2000 flaw

From: "Timothy J. Miller" <cerebus () SACKHEADS ORG>
Date: Tue, 23 Jan 2001 15:35:12 -0600

Dan Kaminsky <dankamin () CISCO COM> writes:

                                                         That means no
decryption keys ever get written, no passwords get saved, and most
importantly, *no plaintext data gets stored, not even "temporarily"*.


Interestingly, when a system hibernates everything in memory goes to
disk (into the hiber file or partition)-- and this includes the
sensitive data that the LSA holds that is not normally swapped out:
keypairs, kerberos tickets and encrypted files.

Current thread:

BugTraq: EFS Win 2000 flaw Rickard Berglind (Jan 19)
- Re: BugTraq: EFS Win 2000 flaw Alexander Ivanchev (Jan 22)
  - Re: BugTraq: EFS Win 2000 flaw Dan Kaminsky (Jan 24)
- <Possible follow-ups>
- Re: BugTraq: EFS Win 2000 flaw Russ (Jan 22)
  - Re: BugTraq: EFS Win 2000 flaw Dan Kaminsky (Jan 23)
    - Re: BugTraq: EFS Win 2000 flaw Timothy J. Miller (Jan 23)
  - Re: BugTraq: EFS Win 2000 flaw Ryan Russell (Jan 23)
  - Re: BugTraq: EFS Win 2000 flaw Jeremy Epstein (Jan 23)
  - Re: BugTraq: EFS Win 2000 flaw Attonbitus Deus (Jan 23)
    - Re: BugTraq: EFS Win 2000 flaw Dan Kaminsky (Jan 24)
    - Re: BugTraq: EFS Win 2000 flaw Attonbitus Deus (Jan 25)
    - Re: BugTraq: EFS Win 2000 flaw Kirk Corey (Jan 25)
    - Re: BugTraq: EFS Win 2000 flaw Attonbitus Deus (Jan 25)
- Re: BugTraq: EFS Win 2000 flaw Bryce Walter (Jan 23)
- Re: BugTraq: EFS Win 2000 flaw Russ (Jan 23)
- Re: BugTraq: EFS Win 2000 flaw Fulmer, John (Jan 23)

(Thread continues...)