[KLUG Advocacy] Re: linux security

[Mark]

Hmm...
  Now you have me curious.  Why is it so easy to do?

> Adam Tauno Williams wrote:
>
> Given physical access I can crack a Windows 2000/XP box is less than a
> minute.

Is that because there are undisclosed manufacturer's backdoors; you have
a program on floppy/CD which cracks passwords; or you're a really
intuitive codebreaker and type super fast?

I'm somewhat guessing that it is the program on floppy/CD approach.  Are
windows password files unencrypted?  Is it encrypted but the algorithm
is so well known that someone has broken the algorithm? Or, is it that
the file is encrypted but all windows machines use the same key?

My curiosity is more than academic.  Having used many laptops over the
years, I've had occasion to send them back to their manufacturers.  When
a machine running WinXP was returned about a year ago, stuff was changed
that only someone with access to that user account should have been able
to change.  My working theory was that there is a backdoor admin account
and they used admin privileges to change files in a password-protected
user account.

Mark