Nope, no encryption. Didn't put his username in for any of the accounts but anyone that knows how to can immediately find out who owns the file. Especially since this is the Shared drive on our network and all 1000 local users have access to it.
Printable View
Nope, no encryption. Didn't put his username in for any of the accounts but anyone that knows how to can immediately find out who owns the file. Especially since this is the Shared drive on our network and all 1000 local users have access to it.
It reminds me of a guy working for the fraud squad in computer misuse, who said he once examined a machine where the user had labelled a folder "Fraud" on his hard drive!
Sometimes you don't need all this forensic technology or leet hacking skills ....
I can understand the password thing................people don't realise where MS defaults to saving stuff....................I guess the person thought it would go to C:\ if that is the local root directory? :D
But to save a password file in plain text in the root of a drive that you knew you weren't the only person that had access to? You might as well not have a password!
My point is that the person did not realise where it would be saved. Like when you first load Win XP it will default to saving downloads to your desktop ;)
I think if I'd gone to the trouble to create some secure passwords, I'd make damn sure I knew where they were being saved! :D
*shrug* making a "passwords.doc" is slightly more intelligent than both the consultants at work and my dad.
Consultants:
piece of paper saying "Admin password: <password>". Worse, they then LEFT this piece of paper in a classroom. Worse still, it was the local admin password. So no quick change in AD, rather a change on every machine. On the other hand, having them change the domain admin for us could have been nasty.
My dad:
postit note stuck to the monitor. So, anyone who steals his pc has his pc and all his online banking. It could make you cry.
I bet that sort of thing is actually more common than you think.
It is ;)Quote:
Originally Posted by Moira
The Hospital that will remain nameless, (I know I'm a big ol' softy because I normally spill everything but when patients and lives can be at risk, I don't) has an IT department, and I've personally been through it.
It's almost sad when you see a server with passwords written on them, or, a Router with the admin password (Warmbeer, still remmeber) on a sticky behind it like "Maybe they won't look behind here and it'll be safe"...
Anyway, that's from Michigan, here I haven't seen many Hospitals from the inside because I haven't been in many places here other than last weekend I got my Tooth fixed (Yea, how many people can or even WOULD say they broke a tooth on a red Bell Pepper not cooked?)....
Hmmmm,
I think people set far too much store by passwords. If you have physical security then it doesn't matter. I have the passwords taped to the outside of all my machines that need one.
Hell, if you don't have physical security then it is trivial to just overwrite the existing administrator password anyway, or just slave the drive on another machine :cool:
And if you boot a live CD then you can do what you like.
If you want security you need to look to encryption...............
;)