From: Mike Markley <mmarkley@microsoft.com>
Date: Tue, 26 Sep 95 09:11:19 PDT
To: cypherpunks@toad.com
Subject: Re: Hack Microsoft?
Message-ID: <9509261711.AA01641@netmail2.microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain



Dan Bailey <dan@milliways.org> writes:

| 	There also is no way to stop remote users from modifying the
| registry.  *Any* user with an account can remotely dump and modify the
| system registry.  So in theory you can write a bruteforce program to
| keep guessing until it gets a password, then modify the registry to
| make the system to "interesting" things.  The worst part of all this
| is that the Registry is very poorly documented, MSoft must consider
| most of that info "confidential."
| 	Fortunately, when using NT's SMB services such as drive and file
| sharing, passwords are never sent in the clear.  Just make sure you
| disable that "Guest" account.:)

This is not entirely true. If I log in as 'guest' I cannot modify just 
any key in the registry. I can only modify the ones that I have 
permissions to change.  Also if you know what you are doing you can set 
permissions on any key in the registry so that it can't be modified by 
just anyone.  I can also modify the account permissions so that if a 
logon attempt fails, after a specified number of retries the account is 
locked and will not accept logons until the administrator unlocks the 
account. I'd recommend that you get a copy of Windows NT and the 
Windows NT Resource Kit, install it and play around with the security 
system before you make generalized statements about it.

Mike.
=====================================================

Mike Markley <mmarkley@microsoft.com>

I'm not a Microsoft spokesperson. All opinions expressed here are mine.

=====================================================