-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Vishal,
On 28 October 2003, 09:19 -0500 ( 14:19 local time) Vishal [V] in mid:[EMAIL PROTECTED] wrote: V>>> I'm not sure what your point here is..did I miss something in the discussion? MW>> Yes, I think so... V> How? I read the whole thread. Were you talking about the repair scenario? Yes. If someone has concerns about passwords being compromised while the PC is repaired the simple solution is to change them beforehand. If that isn't possible then change them when it's returned. MW>>>> Still more probable than a complete stranger sitting in front of my PC MW>>>> and reeking havoc with his hex editor. (assuming he can log on and MW>>>> access my folders) I think someone would notice that! :-) V>>> This is actually completely unnecessary if this stranger somehow manages to V>>> install a trojan on your machine remotely. MW>> And again. :-) V> No, I don't think I missed anything here. You and others seemed to imply that V> reading those plaintext passwords was only possible if someone had physical V> access. Either when he sat down at your machine to carry out the exploits V> mentioned in the article, or when you gave your hard disk out for repair. This V> isn't necessary. That's because the original text (http://lists.netsys.com/pipermail/full-disclosure/2003-October/012716.html) refers to someone hacking passwords using a hex editor while sitting in front of the PC. Nonetheless, I'm not disputing what you're saying, it's just not very probable on my machine. BTW, the passwords aren't plain text. - -- As ever, Martin Webster The Bat! 2.01.7 | BayesIt! 0.4gm (Windows XP Professional Service Pack 1) -----BEGIN PGP SIGNATURE----- Version: PGP SDK 3.0.2 iQA/AwUBP56vVVv+PP8p0/caEQK7IwCgon5EAgyVgc/3SGSJV3qzB7fAoXgAoKqm uyF1dQSh/8oldw0BV5xACVDB =RwiE -----END PGP SIGNATURE-----
________________________________________________ Current version is 2.01.3 | "Using TBUDL" information: http://www.silverstones.com/thebat/TBUDLInfo.html
