Todd (and lists), You wrote: > > This is not completely correct, and I wanted to clarify how an attack > against a domain-member's EFS encrypted files can work. The threat > model is this: > It is important to distinguish between a weakness in EFS (there is none, as described here) and the risk associated with using cached logon credentials. It is not just EFS which is at risk through 'cracking' an account like you describe, there are so many other 'secrets' in a user's profile including passwords to websites remembered by IE, POP3 email account passwords in Outlook and Outlook Express, VPN passwords, etc. Truly sensitive data should not be stored on a laptop, and when it must use two-factor authentication such as a Smart Card (which does reduce the risk associated with cached logon credentials) or a SecureID token. If nothing else, some laptops these days come with passwords to lock/unlock the hard drive. Regards, John Howie CISSP MCSE President, Security Toolkit LLC
