Slashdot Mirror


SecurityFocus On MS Security "Hole"

friday2k writes "There is an interesting writeup at SecurityFocus that puts the latest security 'hole' in XP into perspective. It is a worthy read and should remind us all of the real issues out there." And it collects into one place much of the flak I caught after posting about the claimed security hole opened by the XP Recovery Console.

1 of 398 comments

  1. Re:WRONG! by jonsteph · Score: 5, Informative

    Problem is, we're talking about Windows XP, so Mr. Pfeil is wrong.

    Assuming one can get Admin access to the installed OS (re-installing OS destroys access to EFS-protected files), resetting the password on WinXP in a Workgroup (as opposed to changing it) destroys access to DPAPI-protected keys, and hence access to EFS-protected files.

    Win2000 EFS is vulnerable to this sort of attack, but not WinXP.

    With WinXP, an attacker should endeavor to crack the user's password rather than change it to a known value. Even so, this attack can be mitigated by a) using strong passwords, and b) using SYSKEY to protect the SAM from offline attack.

    Other notes:

    1) EFS was principally designed to protect data when the hardware has been compromised, so the premise of this whole comment is wrong.

    2) EFS is one layer of defense-in-depth. It should be combined with strong passwords, SYSKEY, and proper recovery key management.

    3) Windows XP Key security is discussed here.

    4) EFS does not support keys on removable devices as of WinXP.
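
The change-versus-reset distinction in the comment above, as an added example that is not part of the original thread and is not Windows code: a simplified model of a master key wrapped under a password-derived key. The PBKDF2/HMAC construction and every function name here are assumptions for illustration, not DPAPI's actual algorithm.

```python
import hashlib
import hmac
import os

# Simplified model (assumption): a random 32-byte master key is stored wrapped
# under a key derived from the logon password. NOT DPAPI's real construction.

def _kek(password: str, salt: bytes) -> bytes:
    """Derive a key-encryption key from the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wrap(password: str, master_key: bytes) -> tuple:
    """Return (salt, ciphertext, tag) protecting a 32-byte master key."""
    salt = os.urandom(16)
    kek = _kek(password, salt)
    pad = hmac.new(kek, b"pad", hashlib.sha256).digest()  # one-block keystream
    ct = _xor(master_key, pad)
    tag = hmac.new(kek, b"tag" + ct, hashlib.sha256).digest()
    return salt, ct, tag

def unwrap(password: str, blob: tuple):
    """Return the master key, or None if the password does not match the blob."""
    salt, ct, tag = blob
    kek = _kek(password, salt)
    expected = hmac.new(kek, b"tag" + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor(ct, hmac.new(kek, b"pad", hashlib.sha256).digest())

def change_password(blob: tuple, old: str, new: str) -> tuple:
    """User-initiated change: old password is known, so the key is re-wrapped."""
    master_key = unwrap(old, blob)
    if master_key is None:
        raise ValueError("old password incorrect")
    return wrap(new, master_key)

def reset_password(blob: tuple, new: str) -> tuple:
    """Forced reset: the old password is never supplied, so nothing can be
    re-wrapped. The stored blob stays bound to the old password."""
    return blob

if __name__ == "__main__":
    mk = os.urandom(32)  # constructed sample key
    blob = wrap("old-passphrase", mk)
    changed = change_password(blob, "old-passphrase", "new")
    print("after change:", unwrap("new", changed) == mk)
    print("after reset: ", unwrap("new", reset_password(blob, "new")) is not None)
```

In this model the blob left behind by a reset still opens with the original password, which is why the comment pairs the XP behaviour with strong passwords and SYSKEY.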