NT insecurity

Lone_Wolf gt6511a at cad.gatech.edu
Sat Nov 16 20:58:11 PST 1996


# 
# On Sat, 16 Nov 1996 17:00:56 -0500 (EST), Michael H. Warfield wrote:
# 
# >	Hooo  Hummm...  Another one...
# 
# >> Given the recent comments about insecure machines, I thought it was
# >> interesting to note that you can clear *every* password on an NT box by using
# >> a diskeditor to corrupt the password file (Boot off of a floppy and use
# >> NTFSDOS if you have to).  It'll reboot several times and then you'll be
# >> allowed to login.
# 
# >	Much as I absolutely detest NT, let's reiterate what everyone else
# >on this list has already heard too TOO many times...  If you have physical
# >access to the machine, it ain't secure.  It doesn't matter what operating
# 
# True.  However, as has been reiterated many times, NT is being marketed as a
# secure platform.  Unix people tend to know that you need to work to secure
# it.  MS hype might lead some of the non-cypherpunk admin types to believe
# it's secure.  Trust me. I hear from these people all the time!

As do I.  In fact, in a decision made prior to my joining my current employer,
the IS manager actually advocated security by obscurity, believing that NT was
so new that nobody would know the security flaws in it.  So our firewall is
an NT platform with a commercial firewall product on it.  Which limits our
functionality (we call up for support saying "this is what we want to do", and
they say "Oh, our Unix version will do that, but not our NT version").  Not to
mention, it's pretty bad when your firewall crashes out from under (leaving no
access, instead of open access, but it STILL interferes with getting work
done, especially since 90% of my work involves a remote site on the other side
of the firewall).

James
# 
# #  Chris Adams <adamsc at io-online.com>   | http://www.io-online.com/adamsc/adamsc.htp
# #  <cadams at acucobol.com>		 | send mail with subject "send PGPKEY"
# "That's our advantage at Microsoft; we set the standards and we can change them."
#    --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial)
# 
# 
# 






