From: dan@milliways.org  (Dan Bailey)
Date: Tue, 26 Sep 95 07:33:22 PDT
To: rjc@clark.net
Subject: Re: Hack Microsoft?
Message-ID: <199509261433.AA11352@ibm.net>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 26 Sep 1995 00:04:08 -0400 (EDT) you wrote:

>
>
>   Microsoft recently got C2-security status approved for Windows NT by
>the National Computer Security Center, a division of the NSA. They
>are supposed to put systems through "laborious testing and review" before
>  If Cypherpunks can find flaws that the NSA can't, or won't divulge,
>what does that say about their so-called COMSEC ability.
>
For fun ways to hack NT, check out http://www.somar.com/security.html.
 Some of these are really laughable.  You can use NT's LogonUser API
call to repeatedly guess passwords until you hit it, since NT offers
no way to limit number of login attempts.
	There also is no way to stop remote users from modifying the
registry.  *Any* user with an account can remotely dump and modify the
system registry.  So in theory you can write a bruteforce program to
keep guessing until it gets a password, then modify the registry to
make the system to "interesting" things.  The worst part of all this
is that the Registry is very poorly documented, MSoft must consider
most of that info "confidential."
	Fortunately, when using NT's SMB services such as drive and file
sharing, passwords are never sent in the clear.  Just make sure you
disable that "Guest" account.:)
							Dan Bailey
***************************************************************
#define private public						dan@milliways.org
Worcester Polytechnic Institute and The Restaurant at the End of the Universe
***************************************************************