Post #171,038
8/26/04 11:50:36 AM
|
Windows passwords easily revealed
There's been linux-based tools out to reset passwords on windows machines for awhile now, but this is just head-shakingly pathetic. [link|http://biz.yahoo.com/prnews/040826/phth023_1.html|http://biz.yahoo.com...26/phth023_1.html] The online passwords of hundreds of millions of Microsoft Windows users are exposed and vulnerable. This fact will be revealed to the public on September 1 when New York-based KMGI Group releases its new SeePassword software.
Masterfully simple and increasingly useful, SeePassword technology allows forgotten passwords to be easily and quickly retrieved. In the age of cell/fax/phone numbers, virtual/email/physical addresses and routing/account/PIN numbers, passwords regularly get forgotten. SeePassword provides the consumer with a welcomed tool for resolving this problem. Users just drag a magnifying-glass-shaped interface over the asterisks and see the forgotten password hidden behind them. --
Steve
|
Post #171,048
8/26/04 12:09:04 PM
|
Not sure which passwords in question?
Do they mean like the password that allows you to log onto XP, or does it affect other programs as well, like Eudora, your personal ISP, and Yahoo?
Just a little confused about MS Passwords, not sure what they are.
Nightowl >8#
"A determined soul will do more with a rusty monkey wrench than a loafer will accomplish with all the tools in a machine shop." -- Robert Hughes, Australian Art Critic, Writer
|
Post #171,052
8/26/04 12:11:55 PM
|
This only goes to show you Passwords are not the...
best thing to use for security.
Personally, I tend to use keys.
-- [link|mailto:greg@gregfolkert.net|greg], [link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwetheyNo matter how much Microsoft supporters whine about how Linux and other operating systems have just as many bugs as their operating systems do, the bottom line is that the serious, gut-wrenching problems happen on Windows, not on Linux, not on Mac OS. -- [link|http://www.eweek.com/article2/0,1759,1622086,00.asp|source]Here is an example: [link|http://www.greymagic.com/security/advisories/gm001-ie/|Executing arbitrary commands without Active Scripting or ActiveX when using Windows]
|
Post #171,053
8/26/04 12:18:25 PM
|
Ummm ... I disagree
In order for a browser to "remember" passwords, they have to be kept somewhere the browser can see. If I felt like it I could check the Mozilla source and see where it puts it and look that info up pretty easily. What this really shows is how insecure the "remember this password" function really is. That's why I never use it. And hey, they know that too: "The public should have access to this technology," says Alex Konanykhin, CEO of KMGI, "not only for the benefits it will afford them, but to better understand how unprotected their private information currently is. Exposure is the first step to solving the problem." Their tool isn't really the problem, and Windows users aren't the only ones vulnerable to this. The problem is the feature itself. ===
Implicitly condoning stupidity since 2001.
|
Post #171,071
8/26/04 3:10:23 PM
|
Re: Ummm ... I disagree
Mozilla keeps it's password in "Documents and Settings\\username\\Application Data\\Mozilla\\Profiles\\default\\profileid\\########.s" the userid and password seem to be encrypted even if you have Encrypt Sensitive Data off. Note, username is a given, but profileid and ######## will be different on each computer.
~~~)-Steven----
"I want you to remember that no bastard ever won a war by dying for his country.
He won it by making the other poor dumb bastard die for his country..."
General George S. Patton
|
Post #171,087
8/26/04 4:26:11 PM
|
Encrypted?
As in DMCA?
[link|http://www.holgermetzger.de/moz-passwords.html|http://www.holgermet...oz-passwords.html]
--
"...was poorly, lugubrious and intoxicated."
-- Patrick O'Brian, "Master and Commander"
|
Post #171,195
8/27/04 8:51:27 AM
|
OK, didn't say it was well encrypted
~~~)-Steven----
"I want you to remember that no bastard ever won a war by dying for his country.
He won it by making the other poor dumb bastard die for his country..."
General George S. Patton
|
Post #171,089
8/26/04 4:31:19 PM
|
Simpsons did it.
This kind of thing has been available for years.
[link|http://www.google.com/search?sourceid=navclient&ie=UTF-8&q=password+asterisks|http://www.google.co...assword+asterisks]
--
Chris Altmann
|
Post #171,149
8/26/04 10:43:16 PM
|
OT: Auto abbreviation of URLs is sometimes amusing
Two out of three people wonder where the other one is.
|
Post #171,248
8/27/04 12:34:50 PM
|
<snigger type=schoolboy/>
Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Blog]
|
Post #171,246
8/27/04 12:34:04 PM
|
This isn't real, right?
I mean, this is on a par with the [link|http://www.museumofhoaxes.com/spaghetti.html|spaghetti tree].
Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Blog]
|
Post #171,404
8/27/04 7:29:27 PM
|
Real in what way?
Real in the fact the somebody is trying to make a business out a stupid utility such as:
[link|http://www.lostpassword.com/asterisk.htm|http://www.lostpassword.com/asterisk.htm]
Or What?
|
Post #171,405
8/27/04 7:48:16 PM
|
The software really exists?
/me falls over.
Peter
[link|http://www.debian.org|Shill For Hire]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Blog]
|
Post #171,411
8/27/04 8:18:58 PM
|
Yup
Used snadboy years ago.
|
