January 12th, 2007, 07:25 AM
someone steals my passwords
i uses win xp in my home pc with two administrator account and some one (i knew he is from my relative) steals the pass word and the other account holder doesn't do that (his account is safe)
i changed the passwords many times but....password is disable next time i log on. i don't tell any body about password. change it frequently.
can any one tell me where i am going wrong??
January 12th, 2007, 12:16 PM
PC Registered user # 2,336,789,457...
"When the water reaches the upper level, follow the rats."
January 12th, 2007, 01:21 PM
That is a pretty comprehensive resource dalek
liionheart, it sounds to me as if the fundamental problem is physical access. If people have unsupervised access to your machine then you can expect to be "owned"
As the password is "disabled" then it doesn't sound like a very sophisticated attack. If it were a keylogger/trojan or your password was actually being "stolen" (cracked) then it would remain the same and you wouldn't see any difference.
The question is why does this person need to do it. Don't they have an account of their own?
About the only thing I can suggest is get a removable hard drive bay (they cost about $20) and lock the drive away when not in use.
January 13th, 2007, 09:00 AM
I can't tell from the original post if this is a home computer or an office computer, either way it sounds like a childish prank rather than a malicious attack and that may explain the complete lack of subtlety.
Originally Posted by nihil
Or if you want a simpler deterrent, lock the door to room where the computer is.
Originally Posted by nihil
And if you really must start spending money when all you really need to do is restrict physical access then one of these might be an idea, but a locked door is still damn important.
\"Some say they go looking for Drugs, Dirty Dancing and Pounding, Pounding Techno Music.\"
*ahem* contact me
January 13th, 2007, 11:49 AM
Actually folks, there are a number of attack vectors here?
1. 3.5" floppy
If you do not have physical control you are at risk, and locking them all down is going to leave you with a box of very limited functionality.
the tree may well be correct............... someone trying to pull his chain?
January 13th, 2007, 12:10 AM
another suggestion is to disable the floppy drive. it's relatively easy to use a floppy with chngntpw on it to acquire admin access to a system by nulling out the password, and replacing it with your own after booting into the then unsecured admin account.
althought the removable hard drive bay is a good suggestion as well.
January 13th, 2007, 04:27 PM
Interesting. I've never heard of this software although I am aware of other software to reset the administrator password. Unfortunately, chngntpw seems to be available from only one site as a download and registration has been suspended :-(
Originally Posted by rasterdragon
January 13th, 2007, 04:56 PM
Wow password reset disk...the forgotten password wizard....I didnt know this about XP
Nice link Dalek...bookmarked
anyway... looks like you need to implement some physical security ...
The Forgotten Password Wizard lets you create a password reset disk that you can use to recover your user account and personalized computer settings if you forget your password. The steps to perform this task differ depending on whether your computer is a member of a network domain or is part of a workgroup (or is a stand-alone computer).
If my kids abuse any computer...thier account becomes disabled for a period of time....and they dont like that very much.
Is it your computer??
How people treat you is their karma- how you react is yours-Wayne Dyer
January 14th, 2007, 12:18 AM
i'm pretty sure i have it *somewhere*. although "where" is a mystery. i've got way too many boxes of floppies and cd's. i'll see if i can locate it.
Originally Posted by Ignatius
January 14th, 2007, 12:36 AM
i found it. it's chntpw. my bad. you can get it at http://home.eunet.no/~pnordahl/ntpasswd/
it's pretty handy, i've used it more than one. you can remove the password to *any* user account on a system. it's fairly straightforward to use.