XP Home administrator


My girlfriend has a son that craves porn, so I have set up the
administration password on her computer with an 11-digit password. Nothing
related to them or anything he would guess. I didn't even leave a clue in the
clue box. Somehow he has gotten past it and has played porn from a disk or a
removable storage device. Is this possible, and if so, how do I prevent this
from going on? Short of buying an ammo box and drilling holes in it for cables
to get out the back and padlocking it, I am at my end. There is Norton in.
sec. on it and I have it maxed out. Please help. Wits end.
 
Wits said:
My girlfriend has a son that craves porn, so I have set up the
administration password on her computer with an 11-digit password.
Nothing related to them or anything he would guess. I didn't even leave
a clue in the clue box. Somehow he has gotten past it and has played
porn from a disk or a removable storage device. Is this possible, and
if so, how do I prevent this from going on? Short of buying an ammo box
and drilling holes in it for cables to get out the back and
padlocking it, I am at my end. There is Norton in. sec. on it and I have
it maxed out. Please help. Wits end.

You can set a BIOS password which will have to be entered before the
computer will load the operating system, but if someone has time and
knowledge and physical access to the computer, he can get in. You could
invest in a case with a lock, but locks can be broken.

Malke
 
Wits said:
My girlfriend has a son that craves porn, so I have set up the
administration password on her computer with an 11-digit password. Nothing
related to them or anything he would guess. I didn't even leave a clue in the
clue box. Somehow he has gotten past it and has played porn from a disk or a
removable storage device. Is this possible, and if so, how do I prevent this
from going on? Short of buying an ammo box and drilling holes in it for cables
to get out the back and padlocking it, I am at my end. There is Norton in.
sec. on it and I have it maxed out. Please help. Wits end.

As long as someone has physical access to the computer, there is no
bullet-proof way to completely secure it. Your GF's son probably just
downloaded and used one of the many Linux-based password crackers that
are widely available on the Internet. You could try setting the BIOS
password, so that the PC won't even boot without it, but I suspect the
boy is clever enough to get by this, as well. The only true solution
your GF will have is to discipline the boy. She'll have to teach him
the rules, and the consequences of violating those rules. She needs to
be aware that *NO* technical or software solution is fool-proof, and
_none_ can ever adequately take the place of live parental supervision.
If she cannot trust her son to safely use the computer without
supervision, she should consider limiting his use of it.

--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
 
Wait a minute -- how can he crack the Admin password without getting logged
on to the computer to run some software? No human can guess 11 character
passwords in under a year without being very lucky, or if the 11 characters
are simple patterns.

The only way I know of getting onto a PC without going through XP's logon
screen is boot to floppy or CD and run some software that will read the file
system, look for where NT keeps the password data, and run the cracking
software on that.

And then if they can read the data that way, can't it be blocked somehow by
using a combination of NTFS security attributes on the applicable folder,
maybe even the 'Encrypt contents to secure data'? I thought those file
system attributes required the ACL to decrypt the disk data, and the ACLs
were not deterministic (meaning you'd have to crack the admin password to
get the ACL to get access to the disk location where the O/S keeps the
password to either confirm the password is correct or get the seed for the
algorithm that cracks the password in the first place).

How long would it take (even with AMD 64 processing power!) to guess all 11
passwords to produce every possible ACL, then use every possible ACL to read
the bytes on disk, until the correct input and output stream occurs that
represents what is expected for the password cracking algorithm?
 
Bob said:
Wait a minute -- how can he crack the Admin password without getting logged
on to the computer to run some software? No human can guess 11 character
passwords in under a year without being very lucky, or if the 11 characters
are simple patterns.

By simply booting from a Linux-based CD that contains an application to
crack the Windows password. Windows is never started, so its password
offers *no* deterrent, whatsoever.

The only way I know of getting onto a PC without going through XP's logon
screen is boot to floppy or CD and run some software that will read the file
system, look for where NT keeps the password data, and run the cracking
software on that.

That's what I said in my original post, if not in those precise words.

And then if they can read the data that way, can't it be blocked somehow by
using a combination of NTFS security attributes on the applicable folder,
maybe even the 'Encrypt contents to secure data'?

No. The NTFS permissions have no meaning to Linux, only to another
Windows OS. Data encryption has no bearing upon the discussion of
passwords.

How long would it take (even with AMD 64 processing power!) to guess all 11
passwords to produce every possible ACL, then use every possible ACL to read
the bytes on disk, until the correct input and output stream occurs that
represents what is expected for the password cracking algorithm?

Unknown, and irrelevant. The Linux password crack utilities don't have
to "guess" or "discover" the password, they simply read it.



--

Bruce Chambers

 
Are there other accounts on the machine?
If so then putting a password on one is not going to stop him.

Regards
Mark Dormer
 
Bruce said:
By simply booting from a Linux-based CD that contains an application to
crack the Windows password. Windows is never started, so its password
offers *no* deterrent, whatsoever.


That's what I said in my original post, if not in those precise words.


No. The NTFS permissions have no meaning to Linux, only to another
Windows OS. Data encryption has no bearing upon the discussion of
passwords.



Unknown, and irrelevant. The Linux password crack utilities don't
have to "guess" or "discover" the password, they simply read it.

Actually, ntpasswd (which is what I use) doesn't guess the password. It
allows you to *change* the password. Sure, you could spend a lot of
time running something brute force like John the Ripper, but why
bother? Just boot with ntpasswd (which as Bruce pointed out is Linux)
and change the Administrator password to a blank. Reboot and log in
with your new, blank password.

Malke
 
If he has the porn on a CD-Rom or on a USB Drive, he doesn't even need the
admin password. Anyway, he can still view it in IE. There are SO many ways
he can still view it, with or without the Admin Password.

Some Ways to stop this...

1. Hide/Restrict his Hard Drive Access, using this Tweak from TechTV
http://www.g4techtv.com/screensavers/features/50034/Sarahs_Windows_Tweak_Hide_Those_Hard_Drives.html

So when a HD/CD is inserted, it won't show up, however, you can still get
access in the address bar.

2. Re-Install Windows - Now he has the Admin Password. Not Good. I
recommend doing a clean re-format, to clear the password and stuff.

3. Set Internet Explorer Ratings so porn sites are blocked.

4. Go with Pro. XP Pro has SO many more ways to restrict this kid.
Upgrading to pro is a good idea in this case.

5. Get out the belt. The kid is a hacker and a porn addict. He will be in
jail someday if nothing is done now.

//BMR777
 