Massassi Forums Logo

This is the static archive of the Massassi Forums. The forums are closed indefinitely. Thanks for all the memories!

You can also download Super Old Archived Message Boards from when Massassi first started.

"View" counts are as of the day the forums were archived, and will no longer increase.

ForumsDiscussion Forum → Think your data's secure behind that Windows 7 password?
Think your data's secure behind that Windows 7 password?
2012-07-01, 8:15 AM #1
http://pcsupport.about.com/od/toolsofthetrade/gr/offlinentpwed.htm

Takes about 45 seconds to wipe a password from any account. There are other tools that are supposed to display the password. They didn't work for me, but this worked like a charm. So if any of you out there think you're sensitive data is safe behind your Windows user password, consider this.

I also use a BIOS password, but apparently that's not a great solution either. So if I want to render my data unreadable should my laptop fall into the wrong hands, how would I go about doing this without making life super difficult? Anyone know about this kind of stuff?
If you choose not to decide, you still have made a choice.

Lassev: I guess there was something captivating in savagery, because I liked it.
2012-07-01, 8:51 AM #2
No, but I can't think of anything that sensitive that I store on my computer.
nope.
2012-07-01, 9:00 AM #3
This has been known for ages (which is why it mentions Windows NT).

Thing is, if you reset the password, you lose access to all encrypted files on the system. So if you run with BitLocker turned on, or if you use file encryption for important files, this will not get you the files.

In addition, this applies to many, many operating systems. If you're able to sit down at the computer, you can reset Linux and OS X passwords as well. If you're worried about that, you should be running encryption on everything. User account passwords weren't designed to stop this sort of attack.
2012-07-01, 9:13 AM #4
yep, pop in a Linux LiveCD and you can trash the shadow file. Once you have physical access to a computer you can do anything. Use encryption and store the key externally.
2012-07-01, 2:23 PM #5
I used to work in support for Barclays Bank for my first job, and they all had this app called Safeboot installed on their laptops. Had to enter login details before the computer actually booted Windows. Might have been more secure than the BIOS password option, although I admit that I didn't check your link...
幻術
2012-07-01, 5:57 PM #6
Koobie: looks like Safeboot was a full-disk encryption software, so that would be along the lines of what we said. Whether it asks before or after Windows comes up doesn't matter much.
2012-07-01, 7:25 PM #7
Originally posted by Sarn_Cadrill:
I also use a BIOS password, but apparently that's not a great solution either. So if I want to render my data unreadable should my laptop fall into the wrong hands, how would I go about doing this without making life super difficult? Anyone know about this kind of stuff?


Encrypt the drive.
error; function{getsig} returns 'null'
2012-07-01, 7:43 PM #8
Shoot yourself.
TAKES HINTS JUST FINE, STILL DOESN'T CARE
2012-07-01, 8:35 PM #9
If someone steals your laptop they are going to be too busy flattening and reinstalling to figure out that you make $40,000 a year and like MLP too much.
2012-07-01, 10:02 PM #10
If someone gets physical access to your assets, you're generally screwed.
Also, I can kill you with my brain.
2012-07-01, 10:47 PM #11
Originally posted by Jon`C:
and like MLP too much.


Is that even possible? :D
2012-07-01, 11:01 PM #12
If you are a man and you like it at all, then yes, that is too much.
>>untie shoes
2012-07-01, 11:30 PM #13
I use truecrypt for sensitive information.
Also MLP is cute and amusing, and awesome =p
You can't judge a book by it's file size
2012-07-01, 11:44 PM #14
...the hell is MLP?

Asking before googling to prove I dont know what it is so that I dont have to be embarassed as it seems people should be for liking it.
"Guns don't kill people, I kill people."
2012-07-01, 11:44 PM #15
Looks like My Little Pony is the most likely candidate?
"Guns don't kill people, I kill people."
2012-07-02, 3:20 AM #16
A personal favourite would be replacing an ease-of-access tool with a renamed cmd.exe. Windows 7 doesn't even check a file hash or anything and it opens under the SYSTEM account. It's then trivial to reset a user password.
http://www.simple-talk.com/sysadmin/general/game-over!-gaining-physical-access-to-a-computer/
2012-07-02, 3:50 AM #17
Originally posted by KOP_Snake:
...the hell is MLP?


Massassi Temple Level Pack
Star Wars: TODOA | DXN - Deus Ex: Nihilum
2012-07-02, 5:16 AM #18
MLP = Massive Lubricated Penis

Antony says its wrong for men to like this at all, I say someone open the closet door and let him out.
2012-07-02, 5:45 AM #19
So it's not Major League something?
nope.
2012-07-02, 7:21 AM #20
Major League Penis, of course... it's a pretty big deal
I can't wait for the day schools get the money they need, and the military has to hold bake sales to afford bombs.
2012-07-02, 7:01 PM #21
Originally posted by Deadman:
I use truecrypt for sensitive information.
Also MLP is cute and amusing, and awesome =p


May want to read up on cold boot attacks: http://static.usenix.org/event/sec08/tech/full_papers/halderman/halderman_html/
Also, I can kill you with my brain.
2012-07-03, 2:14 AM #22
Hell no that's way too much reading.
You can't judge a book by it's file size
2012-07-03, 3:38 AM #23
Quote:
secure


Quote:
windows


nope.
2012-07-03, 8:10 AM #24
we use securedoc + fingerprint reader/hd password.
2012-07-03, 9:30 AM #25
Originally posted by Reid:
nope.

This stopped being funny over a decade ago when Microsoft started taking security seriously.

Really, this is a non-issue.
Bassoon, n. A brazen instrument into which a fool blows out his brains.
2012-07-03, 9:38 AM #26
mo4r li3k micro$oft amiri7e
Star Wars: TODOA | DXN - Deus Ex: Nihilum
2012-07-03, 11:02 AM #27
|\| 0
"Guns don't kill people, I kill people."
2012-07-03, 12:59 PM #28
Originally posted by Emon:
This stopped being funny over a decade ago when Microsoft started taking security seriously.

Really, this is a non-issue.

really? you think the security of modern windows systems is perfectly fine?

edit: just for ****s and giggles, a while back i portscanned my parent's windows box. port 445 was filtered by the router but after some prodding i found it was open. port 445 is known for being an exploitable port on windows machines. it's open by default on windows 7 installs. it might have been fixed in sp1
2012-07-03, 2:05 PM #29
Hey look everybody, Brian's back!
2012-07-03, 2:14 PM #30
Of course not. That's not what it's for. As long as the data isn't encrypted, all you have to do is pop the hard drive in another computer.
2012-07-03, 4:28 PM #31
Yeah, Reid's totally right. Fukkin' Micro$haft, if people wanted to share files they should use scp with authorized_keys.
2012-07-03, 4:38 PM #32
Originally posted by Jon`C:
Yeah, Reid's totally right. Fukkin' Micro$haft, if people wanted to share files they should use scp with authorized_keys.

hahahaha.
2012-07-03, 5:16 PM #33
Originally posted by Reid:
port 445 is known for being an exploitable port on windows machines. it's open by default on windows 7 installs. it might have been fixed in sp1

Why is it exploitable? What service is running, listening on 445, that has exploitable vulnerabilities?

You do know that just because a "port is open" doesn't mean it can "be hacked," right? No, you don't, because you don't have any idea how software actually works and are just regurgitating crap you read on [H].
Bassoon, n. A brazen instrument into which a fool blows out his brains.
2012-07-03, 5:17 PM #34
Originally posted by Reid:
hahahaha.

Shut up, you don't even know what this means. Port 445 is used by Windows for file sharing over SMB. It's an integral function of Windows and something most people would expect to work out of the box.
Bassoon, n. A brazen instrument into which a fool blows out his brains.
2012-07-03, 5:49 PM #35
Originally posted by Reid:
really? you think the security of modern windows systems is perfectly fine?

edit: just for ****s and giggles, a while back i portscanned my parent's windows box. port 445 was filtered by the router but after some prodding i found it was open. port 445 is known for being an exploitable port on windows machines. it's open by default on windows 7 installs. it might have been fixed in sp1


JESUS CHRIST YOU'RE RIGHT! I PORT-SCANNED MASSASSI'S SERVER AND FOUND SEVERAL OPEN PORTS THAT GOOGLE SAYS ARE EXPLOITABLE!

APPARENTLY PORT 21, 80 AND 443 ARE REALLY BAD.

Thank god for your post dude, I'm going to go filter these ports right now!
2012-07-03, 6:10 PM #36
I'm going to create the world's first networked operating system with no open ports... It will be the most secure OS ever!
2012-07-03, 6:43 PM #37
The only way to interact with the system is a remote controlled mechanical hand that inputs keystrokes onto a keyboard.

-And you can only see the monitor via a special collection of mirrors.
2012-07-03, 7:06 PM #38
Originally posted by Emon:
It's an integral function of Windows and something most people would expect to work out of the box.

It really is, besides SMB and everything it does (including domains). I'm pretty sure Windows uses port 445 as a catch-all for system named pipes. Block it if you want, but with the same caveat as disabling virtual memory: things will probably break that you don't expect will break.
2012-07-04, 12:34 AM #39
alright, jesus, i'm an idiot

↑ Up to the top!