[ISN] Padlocking Windows 95

From: mea culpa (jerichot_private)
Date: Thu Oct 29 1998 - 17:24:37 PST

    Padlocking Windows 95
    by Niall McKay
    7:00 p.m.  16.Oct.98.PDT

    Fred Phelps had 25 Post-it Notes on the side of his computer monitor, each
    with a different password to the various systems he accessed daily. In
    this respect, he's hardly alone.

    "I could never remember if a password was the last four digits of my
    social security number or my date of birth," said Phelps, CEO of
    Arosurgical, a surgical-equipment manufacturer in Newport Beach,

    Earlier this month, Phelps -- in a bid to better protect his computer
    files -- decided to hire eEye, a computer-security startup based in Corona
    Del Mar, California, to evaluate his system.

    What it found was that Phelps' computer was an open book, beginning with
    his Post-it Notes and ending with the password configuration. Would-be
    intruders, it said, commonly use "PWL Crack," a Windows 95 decryption
    program, to unlock password information from Windows machines. The program
    decrypts .pwl password files, accessed easily with the Windows 95 Find

    eEye gave Phelps a copy of its newly developed password-protection
    program, codenamed Padlock.

    Padlock stores all of a network's users' Windows passwords in a single
    file, which is stored in a 128-bit encrypted database. In a situation that
    requires a password, the software will automatically launch and prompt the
    user for his Padlock password -- also protected in the encrypted database.

    When the password is verified, Padlock unlocks the database and retrieves
    the correct Windows password and logs onto the system. Essentially, it
    adds a layer of crypto protection and eliminates the need to remember
    multiple Windows passwords.

    "Windows 95 has very poor security," said Marc Maiffret, a programmer and
    security consultant with eEye. "Any network is only as strong as the
    weakest link in the chain. So, we decided to start with the basics and
    wrote Padlock."

    Padlock is currently in beta, and will be available in November for US$50.

    eEye is also developing a server-security scanner called Retina, planned
    for a December beta release.

    Retina will check for potential points of entry into a computer network.
    To test a company's system, a network manager would type in a list of its
    local Internet protocol numbers. Retina will scan the ports and report
    back potential security holes, along with a list of recommendations.