1995-09-26 - Re: Hack Microsoft?

Header Data

From: RJ Harvey <harveyrj@vt.edu>
To: rjc@clark.net
Message Hash: da6599263861639cadd21777f97369a3e893b8ef1661d810b0aa74863b7b3d83
Message ID: <9509261610.AA13583@toad.com>
Reply To: N/A
UTC Datetime: 1995-09-26 16:10:56 UTC
Raw Date: Tue, 26 Sep 95 09:10:56 PDT

Raw message

From: RJ Harvey <harveyrj@vt.edu>
Date: Tue, 26 Sep 95 09:10:56 PDT
To: rjc@clark.net
Subject: Re: Hack Microsoft?
Message-ID: <9509261610.AA13583@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:33 AM 9/26/95 EDT, Dan Bailey wrote:
>On Tue, 26 Sep 1995 00:04:08 -0400 (EDT) you wrote:
>
>>
>>
>>   Microsoft recently got C2-security status approved for Windows NT by
>>the National Computer Security Center, a division of the NSA. They
>>are supposed to put systems through "laborious testing and review" before
>>  If Cypherpunks can find flaws that the NSA can't, or won't divulge,
>>what does that say about their so-called COMSEC ability.
>>
>For fun ways to hack NT, check out http://www.somar.com/security.html.
> Some of these are really laughable.  You can use NT's LogonUser API
>call to repeatedly guess passwords until you hit it, since NT offers
>no way to limit number of login attempts.

   I don't believe that's correct; under User Manager, select
the Account option under the Policies menu item; it lets you
select whether to lock-out the account after a given number
of invalid logon attempts, and to set the number.  The main
problem here is that by default, I don't believe the 'lock out'
option is enabled (and thus, brute-force attempts at Guest
or a similar account might indeed work).

rj
---------------------------------------------------------
R. J. Harvey               email:  harveyrj@vt.edu
WWW for job analysis/personality:  http://harvey.psyc.vt.edu/
PGP key at http://harvey.psyc.vt.edu/RJsPGPkey.txt






Thread