Re: BugTraq: EFS Win 2000 flaw

[Rickard Berglind <Rickard.Berglind () EIKNES SE>]

Scott Culp, Security Program Manager wrote :

> While EFS does indeed work as Rickard discusses, this is not new
> information.  For instance, "Encrypting File System for Windows 2000"
> (http://www.microsoft.com/WINDOWS2000/library/howitworks/security/encr 
> ypt.asp, p 22) notes the following:


Since this white paper repeatedly stated that EFS will guard
user's data against attackers with physical access to the disk
it might seem a little strange to deliberately leave data
in plain text. With all respect, personally I am not sure if the fact
that you did know about this behaviour makes anything better or worse.


 From the same white paper, same page as noted earlier:

"An individual with physical access to the machine could potentially
attempt sophisticated attacks by going to the disk directly. Attempts
to read the data this way will fail because it is encrypted"

This is obviously not the entire truth because it only addresses
the encrypted file, which I am sure, is hard to gain access to.

For a programming layman it seems like a minor problem to include
code to properly overwrite the old file.


For your information: I did write to Microsoft both in Sweden and
in the US about one month ago and reporting what I found, but have
not yet received any response. Perhaps because this fact was known
and expected.



regards,
Rickard Berglind