Hi Martin Tuesday, October 28, 2003, 1:02:56 PM, you wrote:
MW> Yes. If someone has concerns about passwords being compromised while the MW> PC is repaired the simple solution is to change them beforehand. If that MW> isn't possible then change them when it's returned. Actually, both would have to be done. MW> That's because the original text MW> (http://lists.netsys.com/pipermail/full-disclosure/2003-October/012716.html) MW> refers to someone hacking passwords using a hex editor while sitting in MW> front of the PC. You're right. But it doesn't specifically have anything to do with sitting in front of the PC. He probably experimented on his own machine, so he did it that way. It talks about using a hex editor, but that vulnerability could just as easily be exploited remotely on a downloaded file. MW> Nonetheless, I'm not disputing what you're saying, it's just not very MW> probable on my machine. I'm sure you're right :) MW> BTW, the passwords aren't plain text. My mistake, I meant "messages" :p Cheers, -- Vishal ________________________________________________ Current version is 2.01.3 | "Using TBUDL" information: http://www.silverstones.com/thebat/TBUDLInfo.html
