someone steals my passwords
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: someone steals my passwords

Hybrid View

  1. #1
    Junior Member
    Join Date
    Jul 2006
    Posts
    13

    someone steals my passwords

    hello,
    i uses win xp in my home pc with two administrator account and some one (i knew he is from my relative) steals the pass word and the other account holder doesn't do that (his account is safe)
    i changed the passwords many times but....password is disable next time i log on. i don't tell any body about password. change it frequently.
    can any one tell me where i am going wrong??
    thanks

  2. #2
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Quote Originally Posted by liionheart
    hello,
    i uses win xp in my home pc with two administrator account and some one (i knew he is from my relative) steals the pass word and the other account holder doesn't do that (his account is safe)
    i changed the passwords many times but....password is disable next time i log on. i don't tell any body about password. change it frequently.
    can any one tell me where i am going wrong??
    thanks
    Some reading... http://www.kellys-korner-xp.com/win_xp_passwords.htm
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  3. #3
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    That is a pretty comprehensive resource dalek

    liionheart
    , it sounds to me as if the fundamental problem is physical access. If people have unsupervised access to your machine then you can expect to be "owned"

    As the password is "disabled" then it doesn't sound like a very sophisticated attack. If it were a keylogger/trojan or your password was actually being "stolen" (cracked) then it would remain the same and you wouldn't see any difference.

    The question is why does this person need to do it. Don't they have an account of their own?

    About the only thing I can suggest is get a removable hard drive bay (they cost about $20) and lock the drive away when not in use.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  4. #4
    Quote Originally Posted by nihil
    As the password is "disabled" then it doesn't sound like a very sophisticated attack. If it were a keylogger/trojan or your password was actually being "stolen" (cracked) then it would remain the same and you wouldn't see any difference.

    The question is why does this person need to do it. Don't they have an account of their own?
    I can't tell from the original post if this is a home computer or an office computer, either way it sounds like a childish prank rather than a malicious attack and that may explain the complete lack of subtlety.
    Quote Originally Posted by nihil
    About the only thing I can suggest is get a removable hard drive bay (they cost about $20) and lock the drive away when not in use.
    Or if you want a simpler deterrent, lock the door to room where the computer is.

    And if you really must start spending money when all you really need to do is restrict physical access then one of these might be an idea, but a locked door is still damn important.
    \"Some say they go looking for Drugs, Dirty Dancing and Pounding, Pounding Techno Music.\"
    *ahem* contact me

  5. #5
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Actually folks, there are a number of attack vectors here?

    1. 3.5" floppy
    2. USB
    3. DVD
    4. CD
    5. Network

    If you do not have physical control you are at risk, and locking them all down is going to leave you with a box of very limited functionality.

    the tree may well be correct............... someone trying to pull his chain?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  6. #6
    another suggestion is to disable the floppy drive. it's relatively easy to use a floppy with chngntpw on it to acquire admin access to a system by nulling out the password, and replacing it with your own after booting into the then unsecured admin account.

    althought the removable hard drive bay is a good suggestion as well.

  7. #7
    Senior Member
    Join Date
    Oct 2004
    Posts
    183
    Quote Originally Posted by rasterdragon
    ... a floppy with chngntpw on it to acquire admin access ...
    Interesting. I've never heard of this software although I am aware of other software to reset the administrator password. Unfortunately, chngntpw seems to be available from only one site as a download and registration has been suspended :-(

  8. #8
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Wow password reset disk...the forgotten password wizard....I didnt know this about XP

    Nice link Dalek...bookmarked

    The Forgotten Password Wizard lets you create a password reset disk that you can use to recover your user account and personalized computer settings if you forget your password. The steps to perform this task differ depending on whether your computer is a member of a network domain or is part of a workgroup (or is a stand-alone computer).
    anyway... looks like you need to implement some physical security ...

    If my kids abuse any computer...thier account becomes disabled for a period of time....and they dont like that very much.

    Is it your computer??

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  9. #9
    Quote Originally Posted by Ignatius
    Interesting. I've never heard of this software although I am aware of other software to reset the administrator password. Unfortunately, chngntpw seems to be available from only one site as a download and registration has been suspended :-(
    i'm pretty sure i have it *somewhere*. although "where" is a mystery. i've got way too many boxes of floppies and cd's. i'll see if i can locate it.

  10. #10
    i found it. it's chntpw. my bad. you can get it at http://home.eunet.no/~pnordahl/ntpasswd/
    it's pretty handy, i've used it more than one. you can remove the password to *any* user account on a system. it's fairly straightforward to use.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides