June 22nd, 2005 12:58 AM
Just so people know, I'm a 15 year old high school student who just finished grade 10. I noticed that your advertising Deep Freeze under security products. Admins at my school are in love with deepfreeze and think its the answer to all their prayers. According to testimonials on their site, it is uncrackable and I've even heard tell that there have been competitions where computer experts try to crack the program. Now I know what I'm about to say probably won't go over well with some of you, and I hope I don't get banned or anything as a result. I just want you to know that it was never done with malicious intent and has never been used to do anything wrong. That said: a friend and I decided we wanted to try to crack deepfreeze, we took the program winhex and found the password hash located inside the deepfreeze program. Next, we found the version of deepfreeze that was being used on the school system and downloaded that same version at my friend's house. We then set the password on his computer to "a" and examined the password hash that resulted. We continued until the password hash on his computer matched that of the school's. Upon trying it at school the next day, we realized that we had indeed successfully obtained the password. Incidently, it was also the password for the school's admin account. I was just wondering, does anyone know if this is still possible on newer versions of deepfreeze and we only managed it because the school hasn't updated? The entire process took only a few hours and it seems to be a pretty big security flaw to me.
What meaning has my life that the inevitability of death cannot destroy it?