NT insecurity
Michael H. Warfield
mhw at wittsend.com
Sat Nov 16 14:02:14 PST 1996
Adamsc enscribed thusly:
Hooo Hummm... Another one...
> Given the recent comments about insecure machines, I thought it was
> interesting to note that you can clear *every* password on an NT box by using
> a diskeditor to corrupt the password file (Boot off of a floppy and use
> NTFSDOS if you have to). It'll reboot several times and then you'll be
> allowed to login.
Much as I absolutely detest NT, lets reitterate what everyone else
on this list has already heard too TOO many times... If you have physical
access to the machine, it ain't secure. It doesn't matter what operating
system or what that operating system offers in the way of security. If
you can boot it off a floppy, you got it by da balls. Period. NT is no
better and no worse than any variation of UNIX out there. I help a friend
break into a SCO C2 secure Unix box that way. Booted DOS off the floppy,
hunted down the password entry (it ain't in /etc/passwd in this mother),
and changed it to something we knew. Was owned by a friend whose EX boy
friend had locked her out of her own system! Took just a few minutes,
including the programing time.
Let's beat up on NT about the real things, not phantoms...
> # Chris Adams <adamsc at io-online.com> | http://www.io-online.com/adamsc/adamsc.htp
> # <cadams at acucobol.com> | send mail with subject "send PGPKEY"
> "That's our advantage at Microsoft; we set the standards and we can change them."
> --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)
Mike
--
Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com
(The Mad Wizard) | (770) 925-8248 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
More information about the cypherpunks-legacy
mailing list