From: Pybus, David (DPybus colt-telecom.com)
Date: Tue Jun 19 2001 - 15:06:59 CDT
The core point is simply that most attacks that allow access as
administrator or a chosen user destroy or adversely affect the SAM contents
in some way. This attack grants access without changing the SAM in any way
other than to reset the chosen password.
Yours, David.
-----Original Message-----
From: Ken Pfeil [mailto:Ken infosec101.org]
Sent: 19 June 2001 19:14
To: Pybus, David; focus-ms securityfocus.com
Cc: mpriest microsoft.com
Subject: RE: Boot Partition
So you're saying that resetting the Administrator's password with a Linux
boot disk is going to let you circumvent EFS encryption on Windows 2000
(which uses syskey enabled by default)?
OK, let's say you defeat syskey. You've reset the admin password. Wheee..
Now we're having fun. So you can decrypt the encrypted files even though the
keys were exported? Or are you assuming that every user renames the
administrator account and uses that to log on? Then again, if you've given
up admin access the game is pretty much over anyway. So the point again, is
what? You can circumvent a security measure by having administrator access?