Hosting Provided By

RE: Identifying Win2K/XP Encrypted Files

From: John Howie <JHowie(at)securitytoolkit.com>
Date: Thu Jan 30 2003 - 13:22:38 EST

Folks,

If you change a user's password in XP Professional you lose access to all the 'secrets' stored in the profile, as they are protected using a function of the user's hashed password. Secrets being any sensitive data protected using the appropriate CryptoAPI functions. This can include EFS certificates and associated private keys, Passport information, and credentials to use when surfing to password-protected web-sites. I suggest you read the XP Resource Kit for further details.

One thing to note: a local user account (not a domain account) can create a disk to backup their passwords (not secrets). This disk can be used in conjunction with several hacking tools to overcome the problems associated with a reset of a user's account password. The disk should not be stored with a laptop or near a user's desktop!

John

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Thu Jan 30 14:13:48 2003

This message: [ Message body ]
Next message: George M. Garner Jr.: "RE: Identifying Win2K/XP Encrypted Files"
Previous message: Nathan Yocom: "RE: Identifying Win2K/XP Encrypted Files"
Maybe in reply to: Christopher Howell: "Identifying Win2K/XP Encrypted Files"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:43 EDT