Bugtraq mailing list archives

Re: BugTraq: EFS Win 2000 flaw

From: Attonbitus Deus <Thor () HAMMEROFGOD COM>
Date: Wed, 24 Jan 2001 23:26:25 -0800

----- Original Message -----
From: "Dan Kaminsky" <dankamin () cisco com>
<snip>


If you ask me, the user interface itself is the most important
documentation--it's the only thing that, if it's incorrect, is

*guaranteed*

to lead to the wrong thing being done.


You mean like the ISO software running on your routers?  Example: the
access-list logic is different when a crypto map is applied to a sub
interface and matched to the access-list ID; the 'permit' statement no
longer really means 'permit' in its original context.  There is no warning
of this in the user interface at all.  Your engineers expect that I have at
least done a little research before using encryption on a Cisco router, or
it will not work.  It's not that the interface gives me incorrect
information, it gives me none at all.  Of course, I really don't expect you
warn me at every turn because you can't.  The users have to take a little
responsibility for the way they do things, even if they don't want to.

I think my real problem with people running to the docs is that, quite
frankly, the *reason* for something to be recommended is *critical*.


Running to the docs?  Come on, man- all anyone has to do is a simple
Start-Help-"File Encryption" and they get plenty of information on what to
do and what not to do.  It's not like we are talking about doing hours of
research to uncover the hidden truth about temp file creation.  The simple
point is that recommended procedures obviate the issue in this case.  That's
that.  Microsoft is very clear about the propensity for files, even temp
ones, to be written in the clear in other circumstances.

MS is failing to overwrite, even once, either the original file or the

.tmp

file that EFS creates.  That's a bug.


I never said it wasn't a bug, though I am still out on that (and sorry about
spelling 'perceived' incorrectly in my response).  I am saying it is not a
major security issue.

That is the skinny on that.
---------------------------------
Attonbitus Deus
Thor () HammerofGod Com

Current thread:

BugTraq: EFS Win 2000 flaw Rickard Berglind (Jan 19)
- Re: BugTraq: EFS Win 2000 flaw Alexander Ivanchev (Jan 22)
  - Re: BugTraq: EFS Win 2000 flaw Dan Kaminsky (Jan 24)
- <Possible follow-ups>
- Re: BugTraq: EFS Win 2000 flaw Russ (Jan 22)
  - Re: BugTraq: EFS Win 2000 flaw Dan Kaminsky (Jan 23)
    - Re: BugTraq: EFS Win 2000 flaw Timothy J. Miller (Jan 23)
  - Re: BugTraq: EFS Win 2000 flaw Ryan Russell (Jan 23)
  - Re: BugTraq: EFS Win 2000 flaw Jeremy Epstein (Jan 23)
  - Re: BugTraq: EFS Win 2000 flaw Attonbitus Deus (Jan 23)
    - Re: BugTraq: EFS Win 2000 flaw Dan Kaminsky (Jan 24)
    - Re: BugTraq: EFS Win 2000 flaw Attonbitus Deus (Jan 25)
    - Re: BugTraq: EFS Win 2000 flaw Kirk Corey (Jan 25)
    - Re: BugTraq: EFS Win 2000 flaw Attonbitus Deus (Jan 25)
- Re: BugTraq: EFS Win 2000 flaw Bryce Walter (Jan 23)
- Re: BugTraq: EFS Win 2000 flaw Russ (Jan 23)
- Re: BugTraq: EFS Win 2000 flaw Fulmer, John (Jan 23)
- Re: BugTraq: EFS Win 2000 flaw Grubin, Ben (Jan 24)
- Re: BugTraq: EFS Win 2000 flaw Abe Getchell (Jan 24)
- Re: BugTraq: EFS Win 2000 flaw John Wiltshire (Jan 24)
  - Re: BugTraq: EFS Win 2000 flaw Ryan Russell (Jan 24)
- Re: BugTraq: EFS Win 2000 flaw Ben Greenbaum (Jan 24)

(Thread continues...)