
Given the recent comments about insecure machines, I thought it was interesting to note that you can clear *every* password on an NT box by using a disk editor to corrupt the password file (Boot off of a floppy and use NTFSDOS if you have to). It'll reboot several times and then you'll be allowed to log in.

# Chris Adams <adamsc@io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
# <cadams@acucobol.com> | send mail with subject "send PGPKEY"
"That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)

"Chris Adams" <adamsc@io-online.com> wrote:
> Given the recent comments about insecure machines, I thought it was interesting to note that you can clear *every* password on an NT box by using a disk editor to corrupt the password file (Boot off of a floppy and use NTFSDOS if you have to). It'll reboot several times and then you'll be allowed to log in.

You can do the same with every other operating system that doesn't have an encrypted filesystem; Microsoft was just the only company dumb enough to claim their filesystem was secure because they didn't think that anyone would reverse-engineer it.

Adamsc enscribed thusly: Hooo Hummm... Another one...
> Given the recent comments about insecure machines, I thought it was interesting to note that you can clear *every* password on an NT box by using a disk editor to corrupt the password file (Boot off of a floppy and use NTFSDOS if you have to). It'll reboot several times and then you'll be allowed to log in.

Much as I absolutely detest NT, let's reiterate what everyone else on this list has already heard too TOO many times... If you have physical access to the machine, it ain't secure. It doesn't matter what operating system or what that operating system offers in the way of security. If you can boot it off a floppy, you got it by da balls. Period. NT is no better and no worse than any variation of UNIX out there.

I helped a friend break into a SCO C2 secure Unix box that way. Booted DOS off the floppy, hunted down the password entry (it ain't in /etc/passwd in this mother), and changed it to something we knew. Was owned by a friend whose EX boyfriend had locked her out of her own system! Took just a few minutes, including the programming time.

Let's beat up on NT about the real things, not phantoms...

Mike
--
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!