Re: looking for EFS weaknesses

From: Roger A. Grimes (rogergat_private)
Date: Fri Jun 27 2003 - 06:15:04 PDT


    Randy, I believe the first problem you mention was fixed long ago in a
    service pack.  It does not store a plaintext copy on the hard drive anymore.
    
    The only problem I know about it is that on XP computers not belonging to a
    domain, the user's password is tied to the keys, so that if the user's
    password is changed or lost, the file will become unrecoverable to even the
    recovery agent.
    
    Roger
    
    ********************************************************************************
    *Roger A. Grimes, Computer Security Consultant
    *CPA, MCSE (NT/2000), CNE (3/4), A+
    *email: rogergat_private
    *cell: 757-615-3355
    *Author of Malicious Mobile Code:  Virus Protection for Windows by O'Reilly
    *http://www.oreilly.com/catalog/malmobcode
    *****************************************************************************************
    
    ----- Original Message ----- 
    From: "Ryan Smith" <ryansmithat_private>
    To: <forensicsat_private>
    Sent: Thursday, June 26, 2003 11:53 AM
    Subject: looking for EFS weaknesses
    
    
    >
    >
    > After some research, I am considering rolling out an encryption solution
    > based on win2k EFS. I know of one weakness, that encrypting a file that
    > already exists will leave behind an insecurely deleted plaintext file.
    > This means anyone with any decent forensics tool could bypass the OS and
    > easily read it directly off the hard drive.
    >
    > It also transfers files insecurely across the network.  SSL should solve
    > for that.
    >
    > Does anyone know of any other major weaknesses in the EFS encryption,
    > certificate handling, encryption, etc?  For this group I'm particularly
    > looking for areas of the hard drive that may contain hidden plaintext
    > copies of normally encrypted documents.
    >
    > -----------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see: http://aris.securityfocus.com
    >
    
    
    
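The two EFS issues raised in this exchange (plaintext left in free space after encrypting a file in place, and files that become unrecoverable when no recovery agent exists) can be checked from the defender's side. The following PowerShell audit is an added example, not code from either poster; it assumes a Windows version whose cipher.exe supports the /c switch, English cipher output, and a placeholder path in $Root.

```powershell
# Added example: audit EFS usage under $Root for the weaknesses discussed in the thread.
#   1. Encrypted files whose parent folder is not itself encrypted were most likely
#      encrypted in place, so a plaintext copy may remain in free space; the fix is
#      to overwrite free space with "cipher /w:<drive>" (only deallocated space is touched).
#   2. Encrypted files that cipher /c reports without a recovery certificate cannot be
#      recovered by a Data Recovery Agent if the user's key or local password is lost.
# Assumptions: cipher.exe with /c (Vista and later), English output, read access to $Root.
param(
    [string]$Root = 'C:\Users\alice\Documents'   # placeholder path, replace before use
)

function Test-EfsEncrypted([IO.FileSystemInfo]$Item) {
    # The Encrypted attribute bit is set on both EFS files and EFS folders.
    return (($Item.Attributes -band [IO.FileAttributes]::Encrypted) -ne 0)
}

$encryptedFiles = Get-ChildItem -Path $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { Test-EfsEncrypted $_ }

$inPlaceSuspects = @()
$noRecoveryAgent = @()

foreach ($file in $encryptedFiles) {
    $parent = Get-Item -LiteralPath $file.DirectoryName -Force
    if (-not (Test-EfsEncrypted $parent)) {
        # Files created inside an encrypted folder never exist as plaintext on disk;
        # an encrypted file in a plain folder is the in-place case the thread warns about.
        $inPlaceSuspects += $file.FullName
    }

    # Assumption: English cipher /c output prints "No recovery certificate found."
    # when no DRA certificate is attached to the file.
    $info = (& cipher.exe /c $file.FullName 2>$null) -join "`n"
    if ($info -match 'No recovery certificate found') {
        $noRecoveryAgent += $file.FullName
    }
}

Write-Output ("Encrypted files found: {0}" -f @($encryptedFiles).Count)
Write-Output ("Encrypted in place (plaintext may remain in free space): {0}" -f $inPlaceSuspects.Count)
$inPlaceSuspects | ForEach-Object { Write-Output "  $_" }
if ($inPlaceSuspects.Count -gt 0) {
    $drive = (Split-Path -Qualifier $Root) + '\'
    Write-Output "  Remediation: cipher /w:$drive   (overwrites deallocated space on that volume)"
}
Write-Output ("Encrypted without a recovery agent: {0}" -f $noRecoveryAgent.Count)
$noRecoveryAgent | ForEach-Object { Write-Output "  $_" }
```

Run it as the file owner (or an administrator) so cipher /c can read each file's key information; on a domain, a missing recovery certificate usually means the DRA policy was applied after the file was encrypted, and re-saving the file refreshes it.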



    This archive was generated by hypermail 2b30 : Fri Jun 27 2003 - 06:21:09 PDT