I got to be a hero yesterday, for something that I’m not particularly proud of: Recovering a lost password in Windows XP.
I’d tell you the context but you wouldn’t believe it anyway. Suffice to say that this isn’t the first time I’ve had to find a password for this particular person.
The revelation for me though, was how frighteningly easy it was to get passwords for the entire system, and how quickly it was finished.
I used Ophcrack in its low-ram version, which runs with Slitaz (yay Slitaz!) as its foundation. There are other versions on the same ISO though.
With this machine and the host system mounted as an external drive, it scrounged all the passwords for every account — including accounts the owner didn’t even know about — in about a minute and a half.
I am amazed, dismayed and chagrined, all at once.
I am not a security person. Security and passwords and encryption and things like that are just not interesting. I know, I should be more security-minded, but it’s all very ho-hum to me.
At the same time I am reminded of something I was told a long, long time ago … that if the physical security of a computer is compromised, all bets are off.
For me, yesterday was a good example of that.