Ctrl-Alt-Del helps keep your password secure...

[Calum]

When logging in to windows 2000 at work, the first screen makes me press ctrl-alt-del to log on. It says  

quote:Ctrl-Alt-Del helps keep your password secure, click help for more details

well after 4 months i finally clicked 'help' to see what they were on about, and guess what:

quote:To log on, press the Delete key while holding down the Ctrl and Alt keys. This key combination is recognized only by Windows, so pressing it before logging on ensures that you are giving your password only to Windows.

This applies only to your Windows or domain password. Passwords associated with Web pages or specific applications will not require you to press Ctrl-Alt-Delete.

what? sorry, i know i am a bit biased but i say HOGWASH!!!!!! Apart from anything else, i know my mandrake linux recognises ctrl-alt-del, what the hell are they talking about?

[KernelPanic]

quote:Originally posted by Calum:
When logging in to windows 2000 at work, the first screen makes me press ctrl-alt-del to log on. It says  

what? sorry, i know i am a bit biased but i say HOGWASH!!!!!! Apart from anything else, i know my mandrake linux recognises ctrl-alt-del, what the hell are they talking about?

When they say windows they mean windows as opposed to any password stealing/cracking program. I'n not sure whether it is supposed to stop keyloggers or brute force p/w cracking programs but whatever it is for it seems a flawed method.

[Calum]

quote:Originally posted by Tux:


When they say windows they mean windows as opposed to any password stealing/cracking program.

wait... you mean windows isn't one of those?

[KernelPanic]

quote:Originally posted by Calum:


wait... you mean windows isn't one of those?

I wouldn't know I don't use it  

[Calum]

touche!      

[mobrien_12]

When you hit ctrl-alt-delete while logged in, you get the dialog which allows you to open the task manager.  When you hit that sequence while not logged in, you get a login dialog box.

The idea is to prevent some buttmunch from logging in and then starting a program which LOOKS like a login screen, but which actually stores your username and password and terminates, leaving the other desktop behind.  This could allow someone, for example, to read the root password when the admin "logs in."  

If such a program were running, the ctrl-alt-delete would bring up the other dialog box, and you would know something fishy was up.

It's actually not a bad idea.  Linux also has support for this, but you need to compile it into the kernel, if I remember right, and it is experimental.

[voidmain]

Yeah, but who needs passwords when dealing with M$ OSs? Maybe they should have spent some of that time programming that super secure CTRL+ALT+DEL code fixing some of the bigger security flaws. But it's all window dressing...

[mobrien_12]

Yeah, I'm certainly not saying that Windows is secure, but that was the idea behind the ctrl-alt-delete to login.  It's not a bad idea, but even a good lock won't secure a broken window.

[Calum]

or a broken windows.

good idea now it's explained, to start with it just seemed to me that it was 'press some key sequence and it magically makes your password secure'.

on the other hand, if the admin did fall for that trick, surely they would realise that it had happened when they saw that the computer behaved unexpectedly afterwards, or is there some way to make it log out and then login as the user whose password details have just been snagged? actually there probably is.

Anyway, if said admin did notice, all they'd need to do is find out who was running the malicious process, freeze their account, change the root password and have a quiet word with the alleged guilty party.

[ December 17, 2002: Message edited by: Calum ]

[cahult]

Well, I just love the inconsistencies in windows. Press start to get to the shut down command, ctrl+alt+del to log in and the same keys to shut down some functions or the whole computer, alt+F4 to exit some apps, ctrl+W for other app exits and so on.

"I propose having Microsoft Headquarters set on fire and destroyed, their employees be driven out and sold as slaves on the open source market!"

Me, 2002

[Calum]

linux is at least as inconsistent amongst its graphical apps, only macs appear to be watertight enough so as not to have a complaint about this sort of thing. (haven't tried BSD or RiscOS or BeOS or anything like that so i can't actually make that last statement with any conviction.)

[beltorak0]

You mean when I press "Control + Alt + Delete" On my linux box, I'm not really pressing those keys!!!  OMG!!! I've been lied to all this time!!!
< ahem >

and yes, it would be possible to write a script that would log the admin's password, log out, then log back in as that admin.  Problem: you might have to have admin perms to do it.  Use: change the password to what you want, run the script to catch the admin's real password, the script then changes it back -- the clueless admin won't notice that he has just given his password out.

Key loggers can be hard-installed.  A small device no longer than your pinky that plugs into the the keyboard slot and has a receptacle for the keyboard.  Holds a few megs of kepresses, accessed via a web browser.  I don't remember the company tho.

As this recent forum shutdown clearly states:
Anyone Who Has Physical Access To A Machine Can Compromise That Machine.

-t.