1996-11-16 - Re: NT insecurity

Header Data

From: “Michael H. Warfield” <mhw@wittsend.com>
To: adamsc@io-online.com
Message Hash: 282031e5c0cca2039caedee3a87fe353e730d141d14e17da864ef9fd7b0652c7
Message ID: <m0vOsnL-0000ucC@wittsend.com>
Reply To: <19961116064952843.AAA201@rn232.io-online.com>
UTC Datetime: 1996-11-16 22:02:14 UTC
Raw Date: Sat, 16 Nov 1996 14:02:14 -0800 (PST)

Raw message

From: "Michael H. Warfield" <mhw@wittsend.com>
Date: Sat, 16 Nov 1996 14:02:14 -0800 (PST)
To: adamsc@io-online.com
Subject: Re: NT insecurity
In-Reply-To: <19961116064952843.AAA201@rn232.io-online.com>
Message-ID: <m0vOsnL-0000ucC@wittsend.com>
MIME-Version: 1.0
Content-Type: text/plain


Adamsc enscribed thusly:

	Hooo  Hummm...  Another one...

> Given the recent comments about insecure machines, I thought it was
> interesting to note that you can clear *every* password on an NT box by using
> a diskeditor to corrupt the password file (Boot off of a floppy and use
> NTFSDOS if you have to).  It'll reboot several times and then you'll be
> allowed to login.

	Much as I absolutely detest NT, let's reiterate what everyone else
on this list has already heard too TOO many times...  If you have physical
access to the machine, it ain't secure.  It doesn't matter what operating
system or what that operating system offers in the way of security.  If
you can boot it off a floppy, you got it by da balls.  Period.  NT is no
better and no worse than any variation of UNIX out there.  I helped a friend
break into a SCO C2 secure Unix box that way.  Booted DOS off the floppy,
hunted down the password entry (it ain't in /etc/passwd in this mother),
and changed it to something we knew.  Was owned by a friend whose EX
boyfriend had locked her out of her own system!  Took just a few minutes,
including the programming time.

	Let's beat up on NT about the real things, not phantoms...

> #  Chris Adams <adamsc@io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
> #  <cadams@acucobol.com>		 | send mail with subject "send PGPKEY"
> "That's our advantage at Microsoft; we set the standards and we can change them."
>    --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!




