Re: Password protect PC

Yes you need to use strong passwords and also disable storage of lm hash on
next password change. Try disabling storage of lm hash and then create three
user accounts. Use passwords of 10, 12, and 15 characters mixed with
uppercase, lowercase, numeric, and other character seen on the keyboard. Now
submit again and let us know how they did. I would be extremely surprised if
they cracked all three passwords. Environments that can support smart card
logon would also mitigate such a problem for password cracking. Note that
what you describe has been available for a long time with freely available
password cracking tools and that anyone that has full physical access to
your computer, as Malke says also, can access all your unencrypted data
anyhow.

I could boot your computer from Bart's PE or such and copy your data files
or boot from my Ghost floppy and image your hard drive. So your best option
is to physically secure your computer to the needed degree or at least the
hard drive. There are removable trays for hard drives and you could take
your's with you or lock it in a safe when you are not around. Encryption of
sensitive data [such as EFS in XP Pro] is also a possible security procedure
though encryption has it's own set of problems such as the legitimate user
being denied access to their own data if best practices are not used or a
false sense of security if the encryption keys are not safeguarded or
implemented correctly or complexities of sharing encrypted data. --- Steve



"mendi1mendi" <mendi1mendi@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:26722AB3-7ACD-47C6-857C-53F46BD19AF5@xxxxxxxxxxxxxxxx
I have a password on the Office PC, for bootup, screensaver, etc via my
user
account.

I just found out, that there's a website, www.loginrecovery.com, whereby
one
dowloads a program onto a floppy or CD.

You then insert this disk into the PC, boot it up and it copies the
windows
encrypted file which contains all the info about all user accounts on that
PC
and shuts it back down so no one is aware that someone tampered with this
PC.

You then upload the info to that website and via email they send you back
withing 2 business days all the user names, passwords. If you need it
rush,
they'll send it back withing 10 mintues for 10 Euros. (Looks like they're
in
Europe.)

Is there any protection, software or hardware against such hackers?

I need this ASAP.

Thanks



.

Relevant Pages

  • Re: Decrypt fails
    ... I am creating a MD5 hash data and then using it to derive a key ... (CALG_RC2 encryption algorithm). ... My requirement concerns more with not storing passwords in plain ... > that he provided and compare it to the hash in the database. ...
    (microsoft.public.platformsdk.security)
  • Re: one way permutation?
    ... It's still modular encryption, but it's only ... For that, you DO need public-key techniques, such as ... Look on my page about "Passwords and ... kind -> owner ...
    (sci.crypt)
  • Re: Perl Script
    ... It uses a one way hash. ... AD> just store the encrypted result in the database. ... AD> extract it and reverse the encryption. ... Hashing passwords is much safer than reversible encryption (regardless ...
    (comp.lang.perl.misc)
  • Obfuscating sensitive data? (was: response to tax software not encrypting tax info)
    ... Encryption without a key is useless. ... If you can retrieve the file, brute force is always possible, so nothing ... attacker laugh, assuming he is just a bit smarter than a piece of wood. ... Never just obfuscate the passwords by using a generic key. ...
    (Bugtraq)
  • Re: In child porn case, a digital dilemma
    ... passwords. ... By now PGP has ... poop" having only been invented in 1991 and updated since. ... The fastest way to break encryption is to ...
    (alt.true-crime)