Re: Security - Best Encryption Tool
From: Alek Davis (alek_xDOTx_davis_xATx_intel_xDOTx_com)
Date: 06/03/04
- Next message: WJ: "Re: Security - Best Encryption Tool"
- Previous message: WJ: "Re: Security - Best Encryption Tool"
- In reply to: WJ: "Re: Security - Best Encryption Tool"
- Next in thread: WJ: "Re: Security - Best Encryption Tool"
- Reply: WJ: "Re: Security - Best Encryption Tool"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 3 Jun 2004 14:48:35 -0700
This is possible if ACLs are not set correctly on every folder under every
virtual directory. Or when a hacker manages to exploit a new vulnerability
in the OS or system services. Or when a hacker is an internal user who
manages to get access to the system or already has access to the system, but
is not supposed to know the application secrets...
I do not want to get into a long discussion, but what I am trying to say
is that if you base your application security on the conditions that the
underlying OS and supporting services are unbreakable and system
administrators never make mistakes, some day you may encounter an unpleasant
surprise. Hopefully you won't, but it cannot be guaranteed, so it is better
to implement the strongest feasible security on all levels: processes,
hardware, and software.
Alek
"WJ" <JohnWebbs@HotMail.Com> wrote in message
news:eOuSssaSEHA.2480@TK2MSFTNGP10.phx.gbl...
>
> "Alek Davis" <alek_xDOTx_davis_xATx_intel_xDOTx_com> wrote in message
> news:ObT8D1OSEHA.2408@tk2msftngp13.phx.gbl...
>
> > Machine Store is not safe. If a hacker manages to get the WRITE access to
> > any of the folders on a compromised machine, he can drop an application
> > there which will decrypt any setting encrypted using DPAPI with machine
> > store.
>
> This is only possible if one uses Microsoft tool such as the "aspnet_setreg"
> to store your data in the registry database. This tool is one example that
> MS gave, to avoid this "problem", you will almost have to implement your own
> DPAPI (modified) to store your key in other places. However that may be,
> system administrator is responsible to lock his server(s) to avoid mishaps.
>
> Cheer
>
> John
>
>
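
Added example, not part of the original messages: a PowerShell audit for the first condition named above, folders under a web content root whose ACLs give write access to anyone outside a trusted set. The default `$Root` path and the `$TrustedSids` list are assumptions to adjust for your server.

```powershell
# Added example: list folders where a non-trusted principal can create or change files.
param(
    [string]$Root = 'C:\inetpub\wwwroot',   # assumed content root; pass your virtual directory path
    [string[]]$TrustedSids = @(
        'S-1-5-18',      # NT AUTHORITY\SYSTEM
        'S-1-5-32-544'   # BUILTIN\Administrators
    )
)

$R = [System.Security.AccessControl.FileSystemRights]
# Specific rights that allow dropping or altering files, or rewriting the ACL itself.
$writeMask = [int]($R::WriteData -bor $R::AppendData -bor
                   $R::ChangePermissions -bor $R::TakeOwnership)
# Some ACEs carry generic rights, which Get-Acl shows as raw numbers.
$genericMask = 0x40000000 -bor 0x10000000   # GENERIC_WRITE | GENERIC_ALL
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

$folders = @(Get-Item -LiteralPath $Root) +
           @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue)

foreach ($dir in $folders) {
    try   { $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL: $($dir.FullName)"; continue }

    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs do not apply to this folder; they show up on its children.
        if ($ace.PropagationFlags -band $inheritOnly) { continue }

        $rights = [int]$ace.FileSystemRights
        if (-not (($rights -band $writeMask) -or ($rights -band $genericMask))) { continue }

        # Compare by SID so renamed or localized account names are still matched.
        try   { $sid = $ace.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value }
        catch { $sid = $ace.IdentityReference.Value }   # unresolvable account: report as-is
        if ($TrustedSids -contains $sid) { continue }

        [pscustomobject]@{
            Folder    = $dir.FullName
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}
```

Each output row is a folder where a principal outside the trusted list holds write-capable access; rows with `Inherited` set to `False` are explicit grants and are usually the first ones to review.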