Jump to content

Password


hazelnut

Recommended Posts

Proper windows security is to use the sam hive for passwords. And with Vista, no more lanmanager attacks are possible by default.

 

Whats more concerning is that most people use the same mail password for their main mail account as their isp login account which is all sent in plain text to the isp being easily picked up by promiscous nics. Which is easily fixed by using encrypted mail if important information is being shared in email.

Link to comment
Share on other sites

ISP password? I don't have to login to get online. I just switch the PC on and away I go.

 

The only time I have to logon is if I want to check my ISP email account, which is rare as I use an email client to retrieve them.

 

Not sure what you mean... :blink:

Link to comment
Share on other sites

ISP password? I don't have to login to get online. I just switch the PC on and away I go.

My ISP supplied SpeedStream DSL modem automatically connects my systems to the Internet and I have no access to it so I don't worry about it as its their prerogative to do so.

 

From what I read it also has a built in firewall that prevents malicious inbound attempts but on my WinXP Home systems I have the Windows firewall enabled and no other software firewalls installed as they really slow down the Internet connections and are only needed by the truly paranoid people that would love to live in a totally antiseptic atmosphere that is impervious to good and bad bacteria.

"Education is what remains after one has forgotten everything he learned in school." - Albert Einstein

IE7Pro user

Link to comment
Share on other sites

I think the point I was making was probably not explained well. As the ISP login is sent on plain text to the ISP its open for snarfing. This isnt a serious problem because every ISP I know has intrusion detection systems and security measures for that kind of stuff. The exploit I was talking about that to me is more of an issue is the clear text credentials for ISP mail accounts. Hazelnut if the passwords are in someones registry instead of properly secured in the users Vista sam hive (or modified XP installs so they dont have the lanman weaknesses) that is a harder target than simply snarfing out the clear text credentials over the connection from the user to the ISP. If the user has the same main mail password as their isp account (which many do) thats an easy backdoor into their mail for spamming / identity fraud etcetc

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.