Bugtraq mailing list archives
Re: BugTraq: EFS Win 2000 flaw
From: Rickard Berglind <Rickard.Berglind () EIKNES SE>
Date: Fri, 26 Jan 2001 09:44:15 +0100
Attonbitus Deus <Thor () HAMMEROFGOD COM> wrote:
> So, yes, if one did encrypt a file in this manner, AND someone breaks in and rips off your hard drive, AND they don't figure out your password is "#BrittanySpears" AND you have correctly removed the restore cert AND the data has not been overwritten AND they decide to go through a sector-by-sector scan of your drives then they MAY actually see little bits of text here and there alluding to the secret hiding place of your porno collection.

If you put it that way there does not seem to be anything to worry about, but assume the following:

Someone copies an important file with sensitive information for his company to his laptop. He marks the file as encrypted and a warning pops up and tells you that it is recommended to encrypt the entire folder, mostly because it will be easier for you. This person is sure that this is the only file that needs to be encrypted and chooses not to encrypt the folder. The user interface replies: fine, now it is done. On the way home the laptop is stolen.

The question is: can the person be sure that the file could not be read by the thief? The answer is of course that the file is left on the surface of the disk in complete plain text. Most likely the thief does not have a clue what a disk editor is and just sells the computer to make his money, but this is not really the point. If you are presented with the possibility of encryption and the interface allows you to encrypt a single file - there really should not be plain text versions of the files left behind.

regards,
Rickard Berglind
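
Added example, not part of the original post or thread: one way to check the scenario above on a test volume of your own, by searching a raw image for a marker string you placed in the file before encrypting it. The function names, the canary value and the in-memory sample image are constructed for illustration; a 512-byte sector size is assumed.

```python
import io

SECTOR = 512  # assumed sector size, used only to report locations


def find_canary(stream, canary, chunk_size=1 << 20):
    """Return sorted byte offsets where the canary occurs as ASCII or UTF-16LE."""
    patterns = {canary.encode("ascii"), canary.encode("utf-16-le")}
    overlap = max(len(p) for p in patterns) - 1
    hits, tail, base = set(), b"", 0  # base = absolute offset of window[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for pattern in patterns:
            pos = window.find(pattern)
            while pos != -1:
                hits.add(base + pos)
                pos = window.find(pattern, pos + 1)
        # Carry the last bytes forward so a match split across two reads is seen.
        keep = window[-overlap:] if overlap else b""
        base += len(window) - len(keep)
        tail = keep
    return sorted(hits)


def to_sectors(offsets):
    """Convert byte offsets to (sector number, offset within sector) pairs."""
    return [divmod(off, SECTOR) for off in offsets]


def build_sample_image():
    """Constructed 64-sector image with two plaintext remnants of the canary."""
    canary = "CANARY-7f3a-payroll"  # constructed marker, not from the page
    image = bytearray(SECTOR * 64)
    ascii_at = SECTOR * 10 + 500    # straddles a sector boundary
    utf16_at = SECTOR * 40          # how a Unicode text editor would store it
    image[ascii_at:ascii_at + len(canary)] = canary.encode("ascii")
    wide = canary.encode("utf-16-le")
    image[utf16_at:utf16_at + len(wide)] = wide
    return canary, bytes(image)


if __name__ == "__main__":
    canary, image = build_sample_image()
    for sector, off in to_sectors(find_canary(io.BytesIO(image), canary, SECTOR)):
        print(f"plaintext remnant at sector {sector}, byte {off}")
```

An empty result only says the marker was not found in that image; any hit means a plaintext copy of the file's contents survived outside the encrypted file.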