If a knowledgeable computer programmer/hacker had access to my computer, and I have the password for say, party poker, saved on my comp, so I can automatically login, would it be possible for this person to figure out what my password is, based on the fact that I have it saved for auto login?

edit-basically what I'm asking is if saved passwords are somehow retrievalbe.

An experienced hacker with access to your computer can do absolutely anything.

little experience needed.

OK, thanks guys.

[ QUOTE ]
If a knowledgeable computer programmer/hacker had access to my computer, and I have the password for say, party poker, saved on my comp, so I can automatically login, would it be possible for this person to figure out what my password is, based on the fact that I have it saved for auto login?

edit-basically what I'm asking is if saved passwords are somehow retrievalbe.

[/ QUOTE ]

They are stored in an encrypted format. He would have to know how to crack the encryption to get your password.

[ QUOTE ]
[ QUOTE ]
If a knowledgeable computer programmer/hacker had access to my computer, and I have the password for say, party poker, saved on my comp, so I can automatically login, would it be possible for this person to figure out what my password is, based on the fact that I have it saved for auto login?

edit-basically what I'm asking is if saved passwords are somehow retrievalbe.

[/ QUOTE ]

They are stored in an encrypted format. He would have to know how to crack the encryption to get your password.

[/ QUOTE ]

Yeah, thats waht I was wondering about....

your password is mcnutterson32.

i havent had the heart to take all your money yet though.

[ QUOTE ]
your password is mcnutterson32.

i havent had the heart to take all your money yet though.

[/ QUOTE ]

Holy [censored]! I'll change it ASAP.

[ QUOTE ]
[ QUOTE ]
[ QUOTE ]
If a knowledgeable computer programmer/hacker had access to my computer, and I have the password for say, party poker, saved on my comp, so I can automatically login, would it be possible for this person to figure out what my password is, based on the fact that I have it saved for auto login?

edit-basically what I'm asking is if saved passwords are somehow retrievalbe.

[/ QUOTE ]

They are stored in an encrypted format. He would have to know how to crack the encryption to get your password.

[/ QUOTE ]

Yeah, thats waht I was wondering about....

[/ QUOTE ]

The encryption is probably not that complex but is probably difficult enough that the hacker couldn't break it himself without a tool already having been made. Also, your username is stored encrypted too.

do not bother.

i have static connection to your password encryption.

make your time. hahahah.

[ QUOTE ]
They are stored in an encrypted format. He would have to know how to crack the encryption to get your password.

[/ QUOTE ]

That, or use this program (http://www.liewcf.com/blog/archives/2005/03/freeware-to-reveal-hidden-password/). Or this one (http://www.snapfiles.com/get/scpass.html). Or any of these (http://www.google.com/search?q=windows%20masked%20password%20reveal&hl=e n&lr=&c2coff=1&safe=off&sa=N&tab=iw).

[ QUOTE ]
[ QUOTE ]
They are stored in an encrypted format. He would have to know how to crack the encryption to get your password.

[/ QUOTE ]

That, or use this program (http://www.liewcf.com/blog/archives/2005/03/freeware-to-reveal-hidden-password/). Or this one (http://www.snapfiles.com/get/scpass.html). Or any of these (http://www.google.com/search?q=windows%20masked%20password%20reveal&hl=e n&lr=&c2coff=1&safe=off&sa=N&tab=iw).

[/ QUOTE ]

Wow. This isn't even based on decryption. This just accesses masked text boxes and grabs the data. Seems like a serious design flaw in Windows to allow other programs access to that data.

He wouldn't need to be a hacker to do it.

There is a program called AsterWin that reveals stored passwords.

I haven't tried it on poker clients, but it has worked on every other program I've tried.

wow ive never seen anything like this before. this is the best thing since sliced bread although i would prefer if it didnt exhist.

[ QUOTE ]
[ QUOTE ]

That, or use this program (http://www.liewcf.com/blog/archives/2005/03/freeware-to-reveal-hidden-password/). Or this one (http://www.snapfiles.com/get/scpass.html). Or any of these (http://www.google.com/search?q=windows%20masked%20password%20reveal&hl=e n&lr=&c2coff=1&safe=off&sa=N&tab=iw).

[/ QUOTE ]

Wow. This isn't even based on decryption. This just accesses masked text boxes and grabs the data. Seems like a serious design flaw in Windows to allow other programs access to that data.

[/ QUOTE ]

Yea. Programs like these have worked since Win95. (And presumably on earlier versions, but that was the first I'd used them.) So, if someone has access to your computer - physical or remote - they'll be able to get stored passwords.

[ QUOTE ]
He wouldn't need to be a hacker to do it.

There is a program called AsterWin that reveals stored passwords.

I haven't tried it on poker clients, but it has worked on every other program I've tried.

[/ QUOTE ]

I tested it on Party and the other skins and it works.

[ QUOTE ]
[ QUOTE ]
[ QUOTE ]

That, or use this program (http://www.liewcf.com/blog/archives/2005/03/freeware-to-reveal-hidden-password/). Or this one (http://www.snapfiles.com/get/scpass.html). Or any of these (http://www.google.com/search?q=windows%20masked%20password%20reveal&hl=e n&lr=&c2coff=1&safe=off&sa=N&tab=iw).

[/ QUOTE ]

Wow. This isn't even based on decryption. This just accesses masked text boxes and grabs the data. Seems like a serious design flaw in Windows to allow other programs access to that data.

[/ QUOTE ]

Yea. Programs like these have worked since Win95. (And presumably on earlier versions, but that was the first I'd used them.) So, if someone has access to your computer - physical or remote - they'll be able to get stored passwords.

[/ QUOTE ]

I'm flabbergasted that CERT et al. haven't lobbied Microsoft to change this.

im no expert here, but do you really think its even possible for them to change it? my guess is if they could they would. other OSs probably have the same problem. if the computer can recognize the password so that its saved for future use, then there will be programs that can naturally tap into this usage with correct commands.

[ QUOTE ]
im no expert here, but do you really think its even possible for them to change it? my guess is if they could they would. other OSs probably have the same problem. if the computer can recognize the password so that its saved for future use, then there will be programs that can naturally tap into this usage with correct commands.

[/ QUOTE ]

What's going on here is that Windows is allowing one program (the password grabber) access to another program's data. This is necessary for Windows to work as seamlessly as it does (drag 'n' drop, etc.). However, Windows could have been programmed so that data in masked text boxes is not available to other programs. I see no reason to allow this to be the case.

[ QUOTE ]
im no expert here, but do you really think its even possible for them to change it? my guess is if they could they would. other OSs probably have the same problem. if the computer can recognize the password so that its saved for future use, then there will be programs that can naturally tap into this usage with correct commands.

[/ QUOTE ]

Bingo. If you can solve this problem, you can make a lot of money.

[ QUOTE ]
However, Windows could have been programmed so that data in masked text boxes is not available to other programs. I see no reason to allow this to be the case.

[/ QUOTE ]

This is (basically) called user permissions. Unix/Linux has it and Windows XP doesn't. Longhorn is supposed to have it. On the other hand, if a hacker is good enough to get superuser or root access, then permissions don't matter.

I have a related question for anyone who might know. Is there a program to retrieve stored AIM passwords? Those other programs that unmask the ***** won't work because AIM just has "Saved - click here to change" in the PW area. Thanks for any help.

The subject line of this thread made me laugh

(sorry Wacki /images/graemlins/smile.gif)

No problem. It made me laugh too.