
Thread: Everstrike's "Lock folder XP 3.4" vulnerability

  1. #1

    Everstrike's "Lock folder XP 3.4" vulnerability

    hi all,

    a friend of mine needed a tool to lock certain folders because someone needed to borrow his notebook.

    after a bit of googling i've come up with this program:
    Everstrike's Lock folder XP 3.4
    Lock Folder XP is a new security tool that lets you lock your files, folders and drives with your personal password. Locking folders, files and drives also effectively protects you from malicious programs, such as viruses, worms and trojans. Locking your files, folders and drives is the best way to guarantee that nobody, whether accidentally or intentionally, gets access to your financial, health, private or confidential information. And since locking your files, folders or drives makes them invisible, they can not be deleted, damaged or harmed in any other ways. We also advise that you get Lock Folder XP if you have a laptop and travel frequently. After all, if your notebook gets lost or stolen, you don't want strangers to see your financial data, credit card or social security numbers.
    so he downloaded it and installed it with a password. The idea behind the program is that it encrypts the folders with a (by the american government approved) encryption scheme.
    i believe this is true (haven't tested it), but i still wanted to find out how safe it is

    here's what i did:

    ( i've obtained the admin password) and logged in as admin. now when you try to open the encrypted folder --> "access denied!". so far so good.

    then i launched the taskmgr and killed all processes not original windows.
    then i ran services.msc and did the same.

    then i fired up regedit.exe and searched for the string "everstrike", after a couple of presses on F3, i came to the string where all data is stored for this program.
    one of those things is a DWORD value "password" which i think stored the password in an md5 hash. (this is nice to crack ).

    but in the same key i've found some strings with values 1 and 2, these were for booting up the program. so i changed those values to 0, and rebooted the computer.

    now when it is logged in again i have full access to those folders again!!!

    nice program! but i wouldn't ever use it!

    http://www.everstrike.com/


    i haven't contacted the authors because i believe this is done on purpose while coding it ( perhaps a backdoor for them?).

    i also haven't shown you the exact keys because i don't want some lame kid using this info to get to encrypted folders without even knowing what they exactly do

    but i think most of you will have enough knowledge of windows to know how to do this...

    [edit] ps, this all took me about 6 minutes after starting[/edit]
    kind regards,


    Scorpius

  2. #2
    Well... The best option would be using the EFS provided with XP (Pro only?) and using file permissions.


    3rd party applications do not protect from local attacks very well.. Not that Microsoft is exactly a nexus of security, but the tools included are usually better (provided you know how) than a 3rd party app. Mainly because they are part of the OS and not an add on.

  3. #3
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Good post...

    I have played with many of these types of programs.
    Most of the time you simply need to image the drive or partition, and then mount the image
    and have full access to the files. This is also so with MS EFS as it relies on ntfs.
    Linux boot disk can have the same effect on most file/folder encryption schemes.

    False sense of security for people I think.

    If it relies on the filesystem or memory resident programs / services for encryption, there is
    really no security.

    Limiting physical access can help of course.
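
Added example, not part of the thread: the distinction raised in posts #1 and #3 (a folder that is only hidden by a resident program versus one that is actually encrypted) can be checked by reading a "locked" file's bytes from outside the protecting OS, for instance from a mounted disk image, and testing whether they still look like plaintext. The function names, the 7.5 bits/byte threshold and the sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Well-known leading signatures of common unencrypted file formats.
MAGIC = {b"%PDF": "pdf", b"PK\x03\x04": "zip/office", b"\xff\xd8\xff": "jpeg",
         b"\xd0\xcf\x11\xe0": "ole2 (legacy .doc/.xls)", b"MZ": "pe executable"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random data."""
    if not data:
        return 0.0
    n = len(data)
    return sum(c / n * math.log2(n / c) for c in Counter(data).values())

def at_rest_check(data: bytes, chunk: int = 4096, threshold: float = 7.5) -> dict:
    """Judge bytes read from outside the protecting OS (disk image, boot disk)."""
    magic = next((name for sig, name in MAGIC.items() if data.startswith(sig)), None)
    chunks = [data[i:i + chunk] for i in range(0, len(data), chunk)]
    # Use the lowest-entropy chunk: one readable region is enough to fail.
    # Chunks under 256 bytes are skipped; their entropy estimate is unreliable.
    lowest = min((shannon_entropy(c) for c in chunks if len(c) >= 256), default=0.0)
    return {"magic": magic, "min_chunk_entropy": round(lowest, 2),
            "plausibly_encrypted": magic is None and lowest >= threshold}

def sample_plaintext() -> bytes:
    """Constructed sample: a readable record file, as a hidden-only folder holds."""
    return b"Name: A. Example; card: 0000 0000 0000 0000\r\n" * 400

def sample_ciphertext_like() -> bytes:
    """Constructed stand-in for ciphertext: a SHA-256 hash chain (16 KiB)."""
    block, out = hashlib.sha256(b"").digest(), bytearray()
    for _ in range(512):
        out += block
        block = hashlib.sha256(block).digest()
    return bytes(out)

if __name__ == "__main__":
    for label, blob in [("hidden-only", sample_plaintext()),
                        ("encrypted", sample_ciphertext_like()),
                        ("pdf header", b"%PDF-1.4\n" + sample_ciphertext_like())]:
        print(label, at_rest_check(blob))
```

High entropy alone does not prove encryption, since compressed data scores high too; the meaningful finding is a "locked" file that comes back with a known signature or low entropy.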

  4. #4
    another disadvantage of EFS is that it only works on NTFS, and it happens to be that my friend is running XP home and on FAT32, so that will never work, and like ss2chef already said, that's not that good either...

  5. #5
    Senior Member
    Join Date
    May 2004
    Posts
    206
    Enuff should do the trick. It was on one of my friend's computers once, and seemed impossible to get off.
    It is better to die on your feet than to live on your knees.

  6. #6
    Senior Member
    Join Date
    Feb 2004
    Location
    Near Manchester (England)
    Posts
    145

    My Thoughts ...

    A laptop is for mobile computing, therefore it has a higher risk of being physically stolen or abused. With this in mind I would severely limit the amount of personal data held on a laptop. Any data of this nature would have to be encrypted with something like PGP - of course it would be very wise to keep the key separate. lol

    Not entirely practical for people that only have a laptop, but then good security is always inconvenient!

    Would PGP be susceptible to the method you used to disable everstrike? Hmmm!

    As for your friend, lepricaun, I would suggest he removes anything that he doesn't want this temporary user to see, after making a couple of security copies and testing them of course.
    Tomorrow is another day for yesterday's work!

  7. #7
    My laptop is running an encrypted Reiser file system with permissions up the wazoo, and I still won't keep anything personal on it.

    It just isn't safe.

    I think we're all missing the point here... Why the hell would you lend out your laptop? I don't even give my girlfriend physical access to mine. She can SSH if she needs to use it.

  8. #8
    I think we're all missing the point here... Why the hell would you lend out your laptop? I don't even give my girlfriend physical access to mine. She can SSH if she needs to use it.
    well, because it isn't really his laptop.. although he is a friend of mine, he's also my colleague (right spelling?). and the notebook he has really is from our company, and another colleague of ours needs to borrow it. and although there aren't really very private things on it, he still has some so he wanted it to be blocked for them... he used this program though, although he has seen how easy it is for us to go around it... it was his choice.... the reason he still used this program is because we both know they aren't the most knowledgeable people when it comes to computer security...

    so that problem is solved so far, but the fact still remains that this is a worthless program, and i strongly suggest no one would ever use it to keep his data safe. despite the fact that the following lines are said by the company to sell the product:
    After all, if your notebook gets lost or stolen, you don't want strangers to see your financial data, credit card or social security numbers.
    No one, but yourself will be able to access the locked files, folders and drives
    All information will be encrypted before transmission to prevent possible interception by a third party. Your transmissions, while in this area, are absolutely secure and private.
    nice company, selling a product and saying that it is safe, while it doesn't take any effort to get around this security!

  9. #9
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    You might like to look at Scramdisk. It creates an encrypted virtual drive protected by up to four passwords.

    Just move the folders into that. In all probability the colleague wouldn't even see that it was there because until you mount it, it is reported as part of the visible drive in which you have created it.

    Cheers

    EDIT: It is now called "DriveCrypt" http://www.securstar.com/

    But you can get the older versions here: http://www.scramdisk.clara.net/

  10. #10
    You might like to look at Scramdisk. It creates an encrypted virtual drive protected by up to four passwords.

    Just move the folders into that. In all probability the colleague wouldn't even see that it was there because until you mount it, it is reported as part of the visible drive in which you have created it.

    Cheers

    EDIT: It is now called "DriveCrypt" http://www.securstar.com/

    But you can get the older versions here: http://www.scramdisk.clara.net/
    thanks, i will look this up
