> When a user wishes to access the internet but doesn't have a specific > ISP in mind a user a can use microsofts connection wizzard to download > a list of ISPs. This wizzard dials to a free phone number stored in > phone.icw and then uses one of the icw*.dun files to authenicate itself > to the network (depending on where in the world you are depends on > which icw*.dun dile is used) Under normal circumstances the connection > wizzard connects to ispreferals.microsoft.com (207.46.152.15) and > downloads a list of local ISP's via series of cab files stored in > various 4 letter directories on the server. The username stored in the > icw*.dun file is "icw5at_private" and the password is "icw5". > One of the dial up servers connected to was tnt59.lnd1.uk.uudial.net. > As you can see this is not a microsoft machine but it does allow you to > access various microsoft machines. (If you are in the UK you connect to > the science park in Cambridge, one of Microsofts research centers). > > Recommendations > --------------- > Store passwords in an encrypted form I investigated this a couple of years back. If I remember correctly the freephone connection you get is extremely limited. I could access about 3 hosts, do a DNS lookup and download the cab files you mention. I couldn't find any way to break out of it, (though I was a bit clueless back then). If anyone's poked around with some more success I'd love to hear about it. As for storing the plain text passwords of regular .ins files, I agree it's not ideal. But, given that ISPs love to give you a personalised .ins file with your username/password in it, and it's not a mamoth task to extract them from the registry, or from the connect dialog box, it doesn't seem worth worrying about. - Blazde
This archive was generated by hypermail 2b30 : Tue Jul 09 2002 - 11:58:12 PDT