| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <445BBC95.8030600@katsokotisivuilta.ni> Date: Sat May 6 01:47:35 2006 From: seemyhomepage at katsokotisivuilta.ni (Markus Jansson) Subject: Windows XP Home LSA secrets stores XP loginpassphrase in plain text Johd Doe sayed: >Markus, if a villain has physical access to >your computer you have bigger issues than this. You obiously didnt bother to read these part of my message: - "You can, for example, decrypt all EFS encrypted files" - "You can, for example, try that same password in all kinds of places where that users is logging in (since chances are hes using the same password or variations of it elsewhere)." You can NOT do these if you just get physical access to the computer (without this bug), since EFS remains secure and your password unknown to attacker. Especially focus on the following I sayed: - "..The next time users sign in to the computer, their passwords etc. can be recorded and abused by villan. However, notice the words "next time users sign in"! If someone steals the computer, that doesnt happen. If someone leaves hints that system is tampered, that doesnt happen." -- ???My computer security & privacy related homepage http://www.markusjansson.net Use HushTools or GnuPG/PGP to encrypt any email before sending it to me to protect our privacy.
Powered by blists - more mailing lists