Author Topic: Ctrl-Alt-Del helps keep your password secure...  (Read 707 times)

Calum

  • Global Moderator
  • Member
  • ***
  • Posts: 7,812
  • Kudos: 1000
    • Calum Carlyle's music
Ctrl-Alt-Del helps keep your password secure...
« on: 13 December 2002, 20:35 »
When logging in to windows 2000 at work, the first screen makes me press ctrl-alt-del to log on. It says  
quote:
Ctrl-Alt-Del helps keep your password secure, click help for more details
well after 4 months i finally clicked 'help' to see what they were on about, and guess what:
quote:
To log on, press the Delete key while holding down the Ctrl and Alt keys. This key combination is recognized only by Windows, so pressing it before logging on ensures that you are giving your password only to Windows.

This applies only to your Windows or domain password. Passwords associated with Web pages or specific applications will not require you to press Ctrl-Alt-Delete.


what? sorry, i know i am a bit biased but i say HOGWASH!!!!!! Apart from anything else, i know my mandrake linux recognises ctrl-alt-del, what the hell are they talking about?
visit these websites and make yourself happy forever:
It's my music! | My music on MySpace | Integrational Polytheism

KernelPanic

  • VIP
  • Member
  • ***
  • Posts: 1,878
  • Kudos: 222
Ctrl-Alt-Del helps keep your password secure...
« Reply #1 on: 13 December 2002, 20:45 »
quote:
Originally posted by Calum:
When logging in to windows 2000 at work, the first screen makes me press ctrl-alt-del to log on. It says  

what? sorry, i know i am a bit biased but i say HOGWASH!!!!!! Apart from anything else, i know my mandrake linux recognises ctrl-alt-del, what the hell are they talking about?



When they say windows they mean windows as opposed to any password stealing/cracking program. I'n not sure whether it is supposed to stop keyloggers or brute force p/w cracking programs but whatever it is for it seems a flawed method.
Contains scenes of mild peril.

Calum

  • Global Moderator
  • Member
  • ***
  • Posts: 7,812
  • Kudos: 1000
    • Calum Carlyle's music
Ctrl-Alt-Del helps keep your password secure...
« Reply #2 on: 13 December 2002, 20:53 »
quote:
Originally posted by Tux:


When they say windows they mean windows as opposed to any password stealing/cracking program.



wait... you mean windows isn't one of those?
visit these websites and make yourself happy forever:
It's my music! | My music on MySpace | Integrational Polytheism

KernelPanic

  • VIP
  • Member
  • ***
  • Posts: 1,878
  • Kudos: 222
Ctrl-Alt-Del helps keep your password secure...
« Reply #3 on: 13 December 2002, 20:59 »
quote:
Originally posted by Calum:


wait... you mean windows isn't one of those?



I wouldn't know I don't use it  ;)
Contains scenes of mild peril.

Calum

  • Global Moderator
  • Member
  • ***
  • Posts: 7,812
  • Kudos: 1000
    • Calum Carlyle's music
Ctrl-Alt-Del helps keep your password secure...
« Reply #4 on: 13 December 2002, 21:23 »
touche!  ;)   :D  
visit these websites and make yourself happy forever:
It's my music! | My music on MySpace | Integrational Polytheism

mobrien_12

  • VIP
  • Member
  • ***
  • Posts: 2,138
  • Kudos: 711
    • http://www.geocities.com/mobrien_12
Ctrl-Alt-Del helps keep your password secure...
« Reply #5 on: 17 December 2002, 11:57 »
When you hit ctrl-alt-delete while logged in, you get the dialog which allows you to open the task manager.  When you hit that sequence while not logged in, you get a login dialog box.

The idea is to prevent some buttmunch from logging in and then starting a program which LOOKS like a login screen, but which actually stores your username and password and terminates, leaving the other desktop behind.  This could allow someone, for example, to read the root password when the admin "logs in."  

If such a program were running, the ctrl-alt-delete would bring up the other dialog box, and you would know something fishy was up.

It's actually not a bad idea.  Linux also has support for this, but you need to compile it into the kernel, if I remember right, and it is experimental.
In brightest day, in darkest night, no evil shall escape my sight....

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
Ctrl-Alt-Del helps keep your password secure...
« Reply #6 on: 17 December 2002, 12:01 »
Yeah, but who needs passwords when dealing with M$ OSs? Maybe they should have spent some of that time programming that super secure CTRL+ALT+DEL code fixing some of the bigger security flaws. But it's all window dressing...
Someone please remove this account. Thanks...

mobrien_12

  • VIP
  • Member
  • ***
  • Posts: 2,138
  • Kudos: 711
    • http://www.geocities.com/mobrien_12
Ctrl-Alt-Del helps keep your password secure...
« Reply #7 on: 17 December 2002, 12:07 »
Yeah, I'm certainly not saying that Windows is secure, but that was the idea behind the ctrl-alt-delete to login.  It's not a bad idea, but even a good lock won't secure a broken window.
In brightest day, in darkest night, no evil shall escape my sight....

Calum

  • Global Moderator
  • Member
  • ***
  • Posts: 7,812
  • Kudos: 1000
    • Calum Carlyle's music
Ctrl-Alt-Del helps keep your password secure...
« Reply #8 on: 17 December 2002, 13:43 »
or a broken windows.

good idea now it's explained, to start with it just seemed to me that it was 'press some key sequence and it magically makes your password secure'.

on the other hand, if the admin did fall for that trick, surely they would realise that it had happened when they saw that the computer behaved unexpectedly afterwards, or is there some way to make it log out and then login as the user whose password details have just been snagged? actually there probably is.

Anyway, if said admin did notice, all they'd need to do is find out who was running the malicious process, freeze their account, change the root password and have a quiet word with the alleged guilty party.

[ December 17, 2002: Message edited by: Calum ]

visit these websites and make yourself happy forever:
It's my music! | My music on MySpace | Integrational Polytheism

cahult

  • VIP
  • Member
  • ***
  • Posts: 1,186
  • Kudos: 182
Ctrl-Alt-Del helps keep your password secure...
« Reply #9 on: 17 December 2002, 13:44 »
Well, I just love the inconsistencies in windows. Press start to get to the shut down command, ctrl+alt+del to log in and the same keys to shut down some functions or the whole computer, alt+F4 to exit some apps, ctrl+W for other app exits and so on.

"I propose having Microsoft Headquarters set on fire and destroyed, their employees be driven out and sold as slaves on the open source market!"

Me, 2002
"The gentleman is dead, the feminists killed him" Anonymous

Calum

  • Global Moderator
  • Member
  • ***
  • Posts: 7,812
  • Kudos: 1000
    • Calum Carlyle's music
Ctrl-Alt-Del helps keep your password secure...
« Reply #10 on: 17 December 2002, 14:00 »
linux is at least as inconsistent amongst its graphical apps, only macs appear to be watertight enough so as not to have a complaint about this sort of thing. (haven't tried BSD or RiscOS or BeOS or anything like that so i can't actually make that last statement with any conviction.)
visit these websites and make yourself happy forever:
It's my music! | My music on MySpace | Integrational Polytheism

beltorak0

  • Member
  • **
  • Posts: 223
  • Kudos: 0
    • http://www.angelfire.com/realm/beltorak
Ctrl-Alt-Del helps keep your password secure...
« Reply #11 on: 18 December 2002, 05:49 »
You mean when I press "Control + Alt + Delete" On my linux box, I'm not really pressing those keys!!!  OMG!!! I've been lied to all this time!!!
< ahem >

and yes, it would be possible to write a script that would log the admin's password, log out, then log back in as that admin.  Problem: you might have to have admin perms to do it.  Use: change the password to what you want, run the script to catch the admin's real password, the script then changes it back -- the clueless admin won't notice that he has just given his password out.

Key loggers can be hard-installed.  A small device no longer than your pinky that plugs into the the keyboard slot and has a receptacle for the keyboard.  Holds a few megs of kepresses, accessed via a web browser.  I don't remember the company tho.

As this recent forum shutdown clearly states:
Anyone Who Has Physical Access To A Machine Can Compromise That Machine.

-t.
from Attrition.Org
 
quote:
Like many times before, Microsoft is re-inventing the wheel and opting for something other than round.

-t.