Password

Computer Help and Discussions Windows Security
1

I wonder how many users realise that their ISP password can be listed in the registry.

2

What where.

Can I get rid of it???:@:@

3

Proper windows security is to use the sam hive for passwords. And with Vista, no more lanmanager attacks are possible by default.

Whats more concerning is that most people use the same mail password for their main mail account as their isp login account which is all sent in plain text to the isp being easily picked up by promiscous nics. Which is easily fixed by using encrypted mail if important information is being shared in email.

4

ISP password? I don't have to login to get online. I just switch the PC on and away I go.

The only time I have to logon is if I want to check my ISP email account, which is rare as I use an email client to retrieve them.

Not sure what you mean... :blink:

5

Some ISP's require account and password before connecting. You probably have same kind of connection as me, where password isn't needed and the computer/modem receives IP automatically upon connecting.

6

My ISP requires a password before connection Spysnake.

7

Perhaps changing things to "Require Encryption" would help. Albeit I've never used it before, so if it breaks your Internet don't blame me. :P

8
ISP password? I don't have to login to get online. I just switch the PC on and away I go.

My ISP supplied SpeedStream DSL modem automatically connects my systems to the Internet and I have no access to it so I don't worry about it as its their prerogative to do so.

From what I read it also has a built in firewall that prevents malicious inbound attempts but on my WinXP Home systems I have the Windows firewall enabled and no other software firewalls installed as they really slow down the Internet connections and are only needed by the truly paranoid people that would love to live in a totally antiseptic atmosphere that is impervious to good and bad bacteria.

9

I think the point I was making was probably not explained well. As the ISP login is sent on plain text to the ISP its open for snarfing. This isnt a serious problem because every ISP I know has intrusion detection systems and security measures for that kind of stuff. The exploit I was talking about that to me is more of an issue is the clear text credentials for ISP mail accounts. Hazelnut if the passwords are in someones registry instead of properly secured in the users Vista sam hive (or modified XP installs so they dont have the lanman weaknesses) that is a harder target than simply snarfing out the clear text credentials over the connection from the user to the ISP. If the user has the same main mail password as their isp account (which many do) thats an easy backdoor into their mail for spamming / identity fraud etcetc