Re: Microsoft COFEE

2008-05-03 Thread Adam Back
I think the point is Microsoft is storing passwords rather than salted, iterated hashes of passwords, storing EFS symmetric keys in clear text or lightly obfuscated in LSA keys which is not encrypted, just protected by policy tied to the Windows login, and all these insecure things vs say Linux loo

RE: Microsoft COFEE

2008-05-03 Thread Alan
> Arshad Noor wrote on 30 April 2008 20:36:
>
>> It can be "ordered to decrypt system passwords"??? So, I wonder
>> what attackers can do with this...
>
> They can run pwdump, lsadump, samdump, dump the pstore, snarf the SAM,
> all that kind of stuff that is completely routine and everyday.
>

Re: Microsoft COFEE

2008-04-30 Thread Nelson B Bolyard
Arshad Noor wrote:
> It can be "ordered to decrypt system passwords"??? So, I wonder what
> attackers can do with this...
>
> Arshad Noor
> StrongAuth, Inc.
>
> "Microsoft revealed its development of a digital forensic analysis toolkit at
> a security conference yesterday as part of a wider discus

Microsoft COFEE

2008-04-30 Thread Arshad Noor
It can be "ordered to decrypt system passwords"??? So, I wonder what attackers can do with this...

Arshad Noor
StrongAuth, Inc.

"Microsoft revealed its development of a digital forensic analysis toolkit at a security conference yesterday as part of a wider discussion of how technology can be u