Re: Avoid Administrator password hacking ????

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 07/07/05 

Date: Wed, 6 Jul 2005 22:37:50 -0500

While I agree with almost everything in what an attacker can do with a
computer that they have physical access to, decrypting encrypted files may
not be possible even if the users password is obtained. Such could be the
case with files encrypted via EFS on XP Pro and the user had exported and
deleted their private key and ideally using something like cipher /w
afterwards. Getting users to do such reliably is another matter
owever. --- Steve

"Shenan Stanley" <newshelper@gmail.com> wrote in message
news:u%23ELUNngFHA.3316@TK2MSFTNGP14.phx.gbl...
> Robert Moir wrote:
>> If I can touch the machine physcially, and I'm determined to get in, I
>> own the machine. End of story.
>
> John wrote:
>> Wrong. That's why full disk encryption products are becoming so
>> popular these days. See alt.security.scramdisk for discussions about
>> such products.
>
> Physical Access+Time = Owned when it comes to a computer.. Encrypted or
> not.
>
> Hardware Keyloggers, Decryption techniques, password hacker to gain the
> password of the user from the computer (then I can log in as them and open
> the encrypted files at will), Ghost the entire machine and apply it to the
> same hardware, etc.. I can gain time and make it happen in so many ways -
> if I am given physical access.
>
> Not to mention that although you say encryption products are "popular" -
> that is not the way I am seeing it. They may be popular among
> technologically minded individuals - but the normal person who has a job
> where their data should be secure (usually the really intelligent people
> in research and development) see it as troublesome. They don't even
> believe in backups most of the time. It's almost laughable - in a scary
> way.
>
> Physical Access+Time = Owned.
>
> --
> Shenan Stanley
> MS-MVP
> --
> How To Ask Questions The Smart Way
> http://www.catb.org/~esr/faqs/smart-questions.html
>

Quantcast