[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: NT insecurity
Adamsc enscribed thusly:
Hooo Hummm... Another one...
> Given the recent comments about insecure machines, I thought it was
> interesting to note that you can clear *every* password on an NT box by using
> a diskeditor to corrupt the password file (Boot off of a floppy and use
> NTFSDOS if you have to). It'll reboot several times and then you'll be
> allowed to login.
Much as I absolutely detest NT, lets reitterate what everyone else
on this list has already heard too TOO many times... If you have physical
access to the machine, it ain't secure. It doesn't matter what operating
system or what that operating system offers in the way of security. If
you can boot it off a floppy, you got it by da balls. Period. NT is no
better and no worse than any variation of UNIX out there. I help a friend
break into a SCO C2 secure Unix box that way. Booted DOS off the floppy,
hunted down the password entry (it ain't in /etc/passwd in this mother),
and changed it to something we knew. Was owned by a friend whose EX boy
friend had locked her out of her own system! Took just a few minutes,
including the programing time.
Let's beat up on NT about the real things, not phantoms...
> # Chris Adams <[email protected]> | http://www.io-online.com/adamsc/adamsc.htp
> # <[email protected]> | send mail with subject "send PGPKEY"
> "That's our advantage at Microsoft; we set the standards and we can change them."
> --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)
Mike
--
Michael H. Warfield | (770) 985-6132 | [email protected]
(The Mad Wizard) | (770) 925-8248 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!