[Dshield] MyDoom-A/B and Organized Crime - One way to fight back

John Holmblad jholmblad at aol.com
Tue Feb 10 15:36:39 GMT 2004


John,

The rise of economically motivated e-crime involving the theft of
files suggests that users of Windows XP Professional systems should
start learning about and start using the Encrypting File System (EFS)
feature to protect economically sensitive information on their PCs. It
is very easy to set up and use, and Microsoft provides comprehensive
guidance on the subject:

     for Windows 2000:

     http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/howto/efsguide.asp

     for Windows XP Pro:

     http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/reskit/prnb_efs_qutx.asp?frame=true


It also has the advantage that if a portable device, laptop, PDA, or 
smart phone (well not yet, but soon I expect) device gets "lifted" then 
the sensitive info will be useless to the lifting party without some 
serious crypto brute force hacking.

It is by no means a perfect defense inasmuch as the private keying 
material is stored on the system with several layers of encryption 
derived, ultimately, from the user's logon credentials (e.g. password) 
and it is necessary with Windows XP Pro to manually create a Default
Recovery Agent so that encrypted files can be decrypted by a designated
sysadmin in the event that the private key of the original encryption
becomes unavailable (e.g. the person leaves the company, becomes
incapacitated, etc.).

In addition to EFS there are third party solutions available including, 
for example, PGP.

As an article that was referenced in an earlier recent post about the
Sinit P2P trojan (http://www.lurhq.com/sinit.html) asserts,
sophisticated criminals are now making use of powerful technologies like
asymmetric encryption, not to mention p2p file distribution, to protect
their mal-works (in that particular case it was code signing). It is
time for legitimate users to wake up to the value of the intangible
assets on their computers and start locking them up. I just recently got
a notification from my insurer, Travelers, offering to provide me
coverage for identity theft for an additional price of $25 per year
(coverage is limited to a maximum of $15,000 of identity fraud related
expenses with a $100 deductible). Now, I have not checked the fine print
in their offer but, with the availability of Windows XP Pro and EFS and
similar capabilities from third party product suppliers, is it
reasonable for them to expect that a user, in order to qualify for such
coverage, would need to take prudent steps and implement then-current
reasonable infosec best practice, such as using a feature like EFS
to protect the information whose theft could then lead to identity theft?
-- 

Best Regards,

John Holmblad

Televerage International

(H) 703 620 0672
(M) 703 407 2278
(F) 703 620 5388

www page:              www.vtext.com/users/jholmblad
primary email address: jholmblad at aol.com
backup email address:  jholmblad at verizon.net
text email address:    jholmblad at vtext.com



