On Thu, May 24, 2001 at 10:21:08PM -0500, Florin Iucha wrote: > On Thu, May 24, 2001 at 07:01:13PM -0700, Munir Nassar wrote: > > there is a linux bootdisk that has NTFS support and > > you can use this floppy to "recover" windows > > 2000/NT4/NT3.51 Administrator passwords... talk about > > sloppy security! > > Not to nitpick too much here but with a boot/root linux disk I can do that too > with your Linux box. Not to nitpick too much, but it may not be the same thing, depending on what Munir meant by "recover". With a linux boot floppy, you can _reset_ the root password, but you still can't find out what the existing password is (which is what I take "recover the password" to mean). Changing the root/admin password to something you know gives you control of the box, but is immediately obvious to the real admin. And, as you pointed out, you really can't stop someone with physical access to the machine from doing this. Discovering the existing password is far, far worse. Not only is it not obvious to the box's legitimate owner, they may have used the same password on other systems, which you now have access to also. Fortunately, it's not too difficult to make this effectively impossible these days. -- That's not gibberish... It's Linux. - Byers, The Lone Gunmen Geek Code 3.12: GCS d? s+: a C++ UL++++$ P++>+++ L+++>++++ E- W--(++) N+ o+ !K w--- O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv+ b+ DI++++ D G e* h r y+