Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi all! We have been experiencing an issue on site where threads have been missing the latest postings. The platform host Vanilla are working on this issue. A workaround that has been used by some is to navigate back a page or two to re-sync the thread and this will then show latest posts. Thanks, Mike.

Windows password store???

  • 27-09-2005 8:28pm
    #1
    voodoo
    Registered Users, Registered Users 2 Posts: 785 ✭✭✭


    Hi all,

    Can someone let me know where Windows XP stores passwords that may have been entered on a machine. For instance, is there anywhere that Hotmail passwords are stored, or even online banking credentials? I have heard or IT depts being able to get into a departed users hotmail account by finding their passwords for Hotmail.

    Cheers,

    Voodoo


Comments

  • #2
    Random
    Closed Accounts Posts: 19,080 ✭✭✭✭Random


    Unless there's a key logger or the person has chosen to store login details or passwords using INternet Explorer or Firefoxes "auto-fill" features then there really isn't a way.


  • #3
    seamus
    Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    As said, without a keylogger, there's no way for anyone to find out your hotmail password. However, IE does store hotmail pages in its cache and these are browseable, so anyone with admin access to the machine can browse through the mails in your cache. I just looked at a few of my housemate's hotmail emails as proof-of-concept.

    I do find that a bit weird, since hotmail uses ssl, so IE shouldn't really be storing the pages.


  • #4
    Karoma
    Registered Users, Registered Users 2 Posts: 19,396 ✭✭✭✭Karoma


    seamus wrote:
    I just looked at a few of my housemate's hotmail emails as proof-of-concept.

    :eek:


    Are you sure that it uses SSL all the way through the session, and not just login? IIRC: it jumps back to a normal session after login(It has been a while since I looked ..)


  • #5
    Martyr
    Closed Accounts Posts: 1,567 ✭✭✭Martyr


    MSN Messenger can store details in the registry..although encrypted
    can be cracked, logs can also be decoded, perhaps, may have mentioned
    details while in a conversation or email.

    dumping memory, could be source of information

    i'm not saying its possible to dump hotmail password from memory
    of process like FireFox or Internet Explorer, even after the user has logged out..but i wouldn't dismiss it.

    its been known to happen before with other software.
    i would assume that when IE or FF gets the password from a html form,
    it stores it in memory.

    perhaps, it doesn't clear this information after it has (possible encryption)
    sent it to the hotmail server.

    could also be a flaw in the passport service floating around in the underground..hate to use the word "underground" but ..you know what i mean. :)

    what about man-in-the-middle attacks?? there are many ways that
    you could get password, if given the right access.


  • #6
    voodoo
    Registered Users, Registered Users 2 Posts: 785 ✭✭✭voodoo


    Hi guys,

    Thanks for the feedback. I know that this place has used keyloggers in the past, which from a legislative point of view, I dont believe is legal!

    Anyway, thanks again for all the feedback.

    Regards,

    Voodoo


  • Advertisement
  • #7
    NutJob
    Closed Accounts Posts: 884 ✭✭✭NutJob


    There are packet sniffers out ther that come preconfigured to capture any data posted to the web.

    -Using SSL will save you from this.



    -SSl it will take about 12 years to break(a leacture on SSL last year) personally i believe a lot less depending on key strength and not takeing into account Mosses law.


    Dont ask browser to save your passwords IT usually know your login password

    As for keyloggers Debate about this in security thread at the moment


  • #8
    seamus
    Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    Karoma wrote:
    Are you sure that it uses SSL all the way through the session, and not just login? IIRC: it jumps back to a normal session after login(It has been a while since I looked ..)
    You're right. I had thought they moved to full encryption throughout the session.
    IT usually know your login password
    IT never know your login password, unless you tell them. That said, they have access to everything on your machine and home folder.


  • #9
    Capt'n Midnight
    Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 92,385 Mod ✭✭✭✭Capt'n Midnight


    seamus wrote:
    You're right. I had thought they moved to full encryption throughout the session.
    IT never know your login password, unless you tell them. That said, they have access to everything on your machine and home folder.
    Here are some of the things that can be done easily, and are probably legal too since they are dealing with company property and resources.

    IT can reset your logon password. This is why you NEVER need to give it to them ever, ever, ever.
    They would then be able to logon as you and then your browser / dial up settings would use any saved passwords.

    They would not see the saved passwords directly, BUT, they could try to logon to sites in your history and if you used a company email account to register with an online service like boards or microsoft passport or whatever they could click on the Forgot Password option and simply collect the password email when it arrives.

    Or they could look up their email server for the original sign-up confirmation email.

    Moral - clear all passwords and make sure nothing important is pointing at your company account when you leave.


Advertisement