From: Microsoft Product Security <[EMAIL PROTECTED]>
Date: Wed, 28 Mar 2001 07:08:28 -0800
- ----------------------------------------------------------------------
Title: Passwords for Compressed Folders are Recoverable
Date: 28 March 2001
Software: Plus! 98 and Windows Me
Impact: Data compression passwords can be recovered.
Bulletin: MS01-019
Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS01-019.asp.
- ----------------------------------------------------------------------
. . .
Mitigating Factors:
====================
- The password at issue here is not related in any way to the
user's network logon password. It is used solely for
password-protecting compressed folders.
Considering how frequently most people tend to reuse passwords, this is
a pretty strong statement. Since Microsoft states that the folder
password is "not related in any way to the user's network logon
password" with such confidence, that would seem to imply a mechanism
that prohibits password reuse when establishing the folder compression
password. Is that the case, or does this statement merely promote a
false sense of security?
-- Bob Rogers
