Randy,

I believe the first problem you mention was fixed long ago in a service pack. It does not store a plaintext copy on the hard drive anymore. The only problem I know about it is that on XP computers not belonging to a domain, the user's password is tied to the keys, so that if the user's password is changed or lost, the file will become unrecoverable to even the recovery agent.

Roger

********************************************************************************
*Roger A. Grimes, Computer Security Consultant
*CPA, MCSE (NT/2000), CNE (3/4), A+
*email: rogergat_private
*cell: 757-615-3355
*Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode
********************************************************************************

----- Original Message -----
From: "Ryan Smith" <ryansmithat_private>
To: <forensicsat_private>
Sent: Thursday, June 26, 2003 11:53 AM
Subject: looking for EFS weaknesses

> After some research, I am considering rolling out an encryption solution
> based on win2k EFS. I know of one weakness, that encrypting a file that
> already exists will leave behind an insecurely deleted plaintext file.
> This means anyone with any decent forensics tool could bypass the OS and
> easily read it directly off the hard drive.
>
> It also transfers files insecurely across the network. SSL should solve
> for that.
>
> Does anyone know of any other major weaknesses in the EFS encryption,
> certificate handling, encryption, etc? For this group I'm particularly
> looking for areas of the hard drive that may contain hidden plaintext
> copies of normally encrypted documents.
>
> -----------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
> -----------------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri Jun 27 2003 - 06:21:09 PDT