Bugtraq mailing list archives
RE: Attacking EFS through cached domain logon credentials
From: "John Howie" <JHowie () securitytoolkit com>
Date: Mon, 20 Jan 2003 22:32:12 -0800
Todd (and lists),

You wrote:
This is not completely correct, and I wanted to clarify how an attack against a domain-member's EFS encrypted files can work. The threat model is this:
It is important to distinguish between a weakness in EFS (there is none, as described here) and the risk associated with using cached logon credentials. It is not just EFS which is at risk through 'cracking' an account like you describe; there are so many other 'secrets' in a user's profile, including passwords to websites remembered by IE, POP3 email account passwords in Outlook and Outlook Express, VPN passwords, etc.

Truly sensitive data should not be stored on a laptop, and when it must, use two-factor authentication such as a Smart Card (which does reduce the risk associated with cached logon credentials) or a SecurID token. If nothing else, some laptops these days come with passwords to lock/unlock the hard drive.

Regards,

John Howie CISSP MCSE
President, Security Toolkit LLC