[18818] in bugtraq


Re: BugTraq: EFS Win 2000 flaw

daemon@ATHENA.MIT.EDU (Kirk Corey)
Thu Jan 25 15:41:07 2001

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id:  <002c01c086e9$51881a70$0c00a8c0@dsiinc.net>
Date:         Thu, 25 Jan 2001 10:10:17 -0600
Reply-To: kcorey@dsi-inc.net
From: Kirk Corey <kcorey@DSI-INC.NET>
X-To:         Thor@HAMMEROFGOD.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <003601c086a0$2c6f12a0$af05a8c0@anchorsign.com>

> -----Original Message-----
> From: Bugtraq List [mailto:BUGTRAQ@SECURITYFOCUS.COM]On Behalf Of
> Attonbitus Deus
> Sent: Thursday, January 25, 2001 1:26 AM
> To: BUGTRAQ@SECURITYFOCUS.COM
> Subject: Re: BugTraq: EFS Win 2000 flaw
>

<snip>

> Running to the docs?  Come on, man- all anyone has to do is a simple
> Start-Help-"File Encryption" and they get plenty of information on what to
> do and what not to do.  It's not like we are talking about doing hours of
> research to uncover the hidden truth about temp file creation.  The simple
> point is that recommended procedures obviate the issue in this case.  That's
> that.  Microsoft is very clear about the propensity for files, even temp
> ones, to be written in the clear in other circumstances.
>
When I go to Start-Help-"File Encryption", it does tell me that I should
encrypt the folder and the file, but does not tell me that I should never
have created the file in an unencrypted state to begin with.  So, to get the
MS-recommended procedure, you do have to run to the docs (or Bugtraq).

I would also note that Microsoft's MCSE study guide for Windows 2000
Professional does recommend using encrypted folders, but does not explain
why (at least, not with reference to the issue at hand).  Nor does it
explain that what you want to do is to encrypt the folder, and then create
new files within it; the reader could easily assume that if they start with
an encrypted folder, and then move unencrypted files to that folder, they
have followed MS recommendations.

My $.02

Kirk

--------------------------------------------
Kirk Corey, MCP, CCNA
Manager, Information Technologies
Diversified Software Industries, Inc.
kcorey@dsi-inc.net
http://www.dsi-inc.net/
