How secure is the Windows login system?

castlevania · #1 06-21-2007, 09:35 PM

Say I've played some poker in a public place. I leave my computer turned on and go to the bathroom. When I get back I see my computer has been stolen. I then realize I left my keepass database open. Damn. But at least the Windows login screen had activated it self with my screen saver.

I figure if the potential hax0r thief has to restart the computer (close my keepass database) he won't be able to get my password even though he has skills. But is it possible for him to get by the Windows login screen screen without having to restart the computer? How hard would it be for him, i.e how good a hax0r would he need to be?

funkyworms · #2 06-21-2007, 10:30 PM

To get past it without restarting he would have to be a pretty skilled h4x0r (i dont even know if it is possible). To get past it with a restart is trivial.

nuclear500 · #3 06-21-2007, 10:30 PM

When you have access to the console and hardware, there is absolutely no system anywhere that is secure. There are plenty of ways to boot into the OS in what is called pre-execution state and modify the SAM (Security Accounts Manager) or in the world of Linux simply straight up change passwords etc etc.

You wouldn't even need to be savvy, just know where to look for it online. All-In-One CD ISO's basically, boot from CD and golden.

jjshabado · #4 06-21-2007, 10:52 PM

You're very likely to be fine. But change your password anyway.

goldtoes · #5 06-22-2007, 09:53 AM

[ QUOTE ]
You're very likely to be fine. But change your password anyway.

[/ QUOTE ]

I'm assuming you're talking about the passwords stored in keypass because unless the thief brought him back his PC, that's probably impossible.

But anywho OP: I don't think there would be anyway for them to gain access from the login screen when it is locked without having to reboot it or knowing your administrator password (which hopefully you set - most people leave it blank). He can definitely hack your Windows password in 20 seconds after a reboot - and whether he can get any vital information from that is the important part. I would definitely change all of your passwords that are stored in Keypass, though.

jjshabado · #6 06-22-2007, 07:12 PM

[ QUOTE ]
[ QUOTE ]
You're very likely to be fine. But change your password anyway.

[/ QUOTE ]

I'm assuming you're talking about the passwords stored in keypass because unless the thief brought him back his PC, that's probably impossible.

[/ QUOTE ]

Clearly I was. He seemed to be worried about the villain having access to his poker accounts.

jumbojacks · #7 06-22-2007, 09:03 PM

[ QUOTE ]
When you have access to the console and hardware, there is absolutely no system anywhere that is secure. There are plenty of ways to boot into the OS in what is called pre-execution state and modify the SAM (Security Accounts Manager) or in the world of Linux simply straight up change passwords etc etc.

You wouldn't even need to be savvy, just know where to look for it online. All-In-One CD ISO's basically, boot from CD and golden.

[/ QUOTE ]

QFT

KipBond · #8 06-23-2007, 04:55 PM

[ QUOTE ]
When you have access to the console and hardware, there is absolutely no system anywhere that is secure.

[/ QUOTE ]

I haven't tried it, but this looks promising.

psionic storm · #9 06-24-2007, 01:09 AM

you can crack the password hash bring your laptop when you take a piss

castlevania · #10 06-24-2007, 06:08 AM

[ QUOTE ]
you can crack the password hash

[/ QUOTE ]

What does this mean? Crack the login screen or keepass?