This is the first I've heard of this -- although I'm not terribly surprised,
given that it's such an obvious point of attack on WFW machines (and so can be
used as a launch point for more serious attacks).
Where can I get more information on this?
MIS Operations Manager
Independent National Mortgage
Pasadena, CA 91101
To: firewalls @ GreatCircle.COM @ Internet
cc: (bcc: Kenneth Smith)
From: malcolm.melville @ reuters.com (malcolm melville 071 510 8472) @ Internet
Date: 12/11/95 02:42:38 PM CST
Subject: MS password cracker
I know that this maybe the wrong list to ask on, but does anyone have any
information on protective measures against the .PWL cracker? Is there a
list/newsgroup somehere that is keeping up to speed on this one.
We have rung MS and they cannot confirm or deny that there is a security breach
- well I think we know better since the program worked on the .PWL files we
tried it against. Have MS admitted to a breach anywhere yet - maybe its not too
serious a problem to retrieve passwords subsecond?