James, Did you notice this line towards the end of the article: "an attacker would need administrator rights to a system to grab the file that contains the password hashes"?
For one, I don't see many attackers obtaining administrator rights on your Windoze notebook and secondly administrator right or machine "root" on a server are not that easy to come by. Star among Windoze vulnerabilities is still ignorance and undertrained staff of commercial users. The largest users seem to also be the ones that have the worst teams on staff. And if bad hacks are manning the IT department, they are likely to buy the latest and most expensive security gadgets and then forget to disable the defaults on their brand-new Unix or Sun systems. Anyone remember the default remote service access for Sun servers? user?pass = [EMAIL PROTECTED] You'd be amazed how many graduates are flashing certificates and have no clue that superuser levels exist independent from admin and root access levels. The funny thing is that almost all pre-2001 servers have it and since 1999 it's not mentioned in the server documentation anymore... And just to drive the point home, these are not Windoze machines but Nixes and Suns. Cheers, Robert. budget & privacy website hosting http://www.cyberica.net budget & privacy domain registrations + mail http://www.u2planet.com/cfdomaintrust.html --- You are currently subscribed to e-gold-list as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.
