View Single Post
Old 07-03-2002, 01:19 PM  
floris
Member
 
Join Date: Jul 2002
Posts: 65
Default my thought

In your scenario, if you are on a friends system (your a bad friend then hehe) and you want their pass, just put Revelation on a disk and pop it in. Quickly slide the curcor over the input field with the *** and it will reveal the pass. (see screenshot)

I think Ethanol has a good point here, if no pass is set, anyone behind the system can set one, and reveal the passes. On the other hand, the end user is kind of responsible for who he is letting on his system. But a worm/trojan installed on a system that scans for secured, tries to set a pass, reads out the insecure passes and removes the pass again, emails it to a given addy.. is harder to stop. This is why I think it is currently more secure to not secure it.
Attached Thumbnails
Application Password Protection Flaw-security-jpg  
floris is offline