[18833] in bugtraq
Re: BugTraq: EFS Win 2000 flaw
daemon@ATHENA.MIT.EDU (Rickard Berglind)
Fri Jan 26 13:28:20 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Message-ID: <sa7146f9.018@eiknes.se>
Date: Fri, 26 Jan 2001 09:44:15 +0100
Reply-To: Rickard Berglind <Rickard.Berglind@EIKNES.SE>
From: Rickard Berglind <Rickard.Berglind@EIKNES.SE>
To: BUGTRAQ@SECURITYFOCUS.COM
Content-Transfer-Encoding: 8bit
Attonbitus Deus <Thor@HAMMEROFGOD.COM> wrote:
>So, yes, if one did encrypt a file in this manner, AND someone breaks in and
>rips off your hard drive, AND they don't figure out your password is
>"#BrittanySpears" AND you have correctly removed the restore cert AND the
>data has not been overwritten AND they decide to go through a
>sector-by-sector scan of your drives then they MAY actually see little bits
>of text here and there alluding the to secret hiding place of your porno
>collection.
If you put it that way there does not seems to be anything to worry
about, but assume the following: Someone copy a important file with
sensitive information for his company to his laptop. He marks the
file as encrypted and a warning will pop up and tells you that it is
recommended to encrypt the entire folder, mostly because it will be
easier for you.
This person is sure that this is the only file that needs to be
encrypted and choose not to encrypt the folder. The user interface
replies: fine, now it is done.
On the way home the laptop is stolen. The question is: can the
person be sure that the file could not be read by the thief ?
The answer is of course that the file is left on the surface of
the disk in complete plain text.
Most likely the thief does not have a clue what a disk editor is
and just sell the computer to make his money, but this is not
really the point.
If you are presented with the possibility of encryption and
the interface allows you to encrypt single file - there really
should not be plain text versions of the files left behind.
regards,
Rickard Berglind
