Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised?

Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised?
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Applications Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Spin 08-31-2008
Posted by Spin on August 31, 2008, 6:15 pm
If you were  Registered and logged in, you could reply and use other advanced thread options


Gurus,

Has anyone ever heard of a local LSA secrets file on a Windows workstation
being compromised?

--
Spin




Posted by S. Pidgorny on September 1, 2008, 5:02 am
If you were  Registered and logged in, you could reply and use other advanced thread options


LSA Secrets are not secured. It may take a while to brute force
individual entries though.


--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

Spin wrote:
> Gurus,
>
> Has anyone ever heard of a local LSA secrets file on a Windows workstation
> being compromised?
>
> --
> Spin
>
>
>

Posted by Spin on September 1, 2008, 7:34 am
If you were  Registered and logged in, you could reply and use other advanced thread options


Understood. They exist in plain text inside the LSA Secrets memory process.
One would need to attack that to dump the entries. By default, one needs
SecDebugProcess right in order to do so, by default this is only granted to
Administrators. Which is why one needs to secure the local admin account
and all members of the Administrators to the best of their abilities.



Similar ThreadsPosted
User cannot FTP file from local disk to website. November 12, 2006, 11:08 pm
Anyone heard of pdhepl40.exe? October 24, 2005, 12:58 pm
none of you smart fellers heard about GHP? March 21, 2007, 1:40 am
Have you heard of the Shared Computer Toolkit? June 27, 2005, 7:05 pm
Local Security rights Windows Server 2003 October 8, 2005, 1:57 pm
Compromised? July 16, 2005, 1:25 am
How do I know if I am being compromised March 15, 2006, 9:26 pm
Has my PC been compromised March 18, 2007, 2:58 am
RE: HELP ! My PC has been compromised !! March 11, 2008, 6:51 am
Re: HELP ! My PC has been compromised !! March 11, 2008, 7:38 am

The site map in XML format XML site map

Contact Us | Privacy Policy