Re: Security - Best Encryption Tool

From: Alek Davis (alek_xDOTx_davis_xATx_intel_xDOTx_com)
Date: 06/03/04

  • Next message: WJ: "Re: Security - Best Encryption Tool" 
    Date: Thu, 3 Jun 2004 14:48:35 -0700

    This is possible if ACLs are not set correctly on every folder under every
    virtual directory. Or when a hacker manages to exploit a new vulnerability
    in the OS or system services. Or when a hacker is an internal user who
    manages to get access to the system or already has access to the system, but
    is not supposed to know the application secrets...

    I do not want to get into the long discussion, but what I am trying to say
    is that if you base your application security on the conditions that the
    underlying OS and supporting services are unbreakable and system
    administrators never make mistakes, some day you may encounter an unpleasant
    surprise. Hopefully you won't, but it cannot be guaranteed, so it is better
    to implement the strongest feasible security on all levels: processes,
    hardware, and software.

    Alek

    "WJ" <JohnWebbs@HotMail.Com> wrote in message
    news:eOuSssaSEHA.2480@TK2MSFTNGP10.phx.gbl...
    >
    > "Alek Davis" <alek_xDOTx_davis_xATx_intel_xDOTx_com> wrote in message
    > news:ObT8D1OSEHA.2408@tk2msftngp13.phx.gbl...
    >
    > > Machine Store is not safe. If a hacker manages to get the WRITE access
    to
    > > any of the folders on a compromised machine, he can drop an application
    > > there which will decrypt any setting encrypted using DPAPI with machine
    > > store.
    >
    > This is only possible if one uses Microsoft tool such as the
    "aspnet_setreg"
    > to store your data in the registry database. This tool is one example that
    > MS gave, to avoid this "problem", you will almost have to implement your
    own
    > DPAPI (modified) to store your key in other places. However that may be,
    > system administrator is responsible to lock his server(s) to avoid
    misshaps.
    >
    > Cheer
    >
    > John
    >
    >

  • Next message: WJ: "Re: Security - Best Encryption Tool"

    Relevant Pages

    • Re: Security - Best Encryption Tool
      ... This is possible if ACLs are not set correctly on every folder under every ... Or when a hacker manages to exploit a new vulnerability ... >> Machine Store is not safe. ... > This is only possible if one uses Microsoft tool such as the ...
      (microsoft.public.vb.general.discussion)
    • Re: Security - Best Encryption Tool
      ... This is possible if ACLs are not set correctly on every folder under every ... Or when a hacker manages to exploit a new vulnerability ... >> Machine Store is not safe. ... > This is only possible if one uses Microsoft tool such as the ...
      (microsoft.public.dotnet.distributed_apps)
    • Re: Security - Best Encryption Tool
      ... This is possible if ACLs are not set correctly on every folder under every ... Or when a hacker manages to exploit a new vulnerability ... >> Machine Store is not safe. ... > This is only possible if one uses Microsoft tool such as the ...
      (microsoft.public.dotnet.framework.aspnet.buildingcontrols)
    • Re: Security - Best Encryption Tool
      ... This is possible if ACLs are not set correctly on every folder under every ... Or when a hacker manages to exploit a new vulnerability ... >> Machine Store is not safe. ... > This is only possible if one uses Microsoft tool such as the ...
      (microsoft.public.dotnet.framework.component_services)
    • Re: David,Thanks for you input. I will be making that change.Dennis
      ... Rather than store the file in the database, ... my My Documents folder is located on the D drive. ... My Response: I see you point and I agree. ... Web" for information about determining the details about mapped drives. ...
      (microsoft.public.access.formscoding)