Question for Wacki or someone else who is smart

[ethan]

[ QUOTE ]
They are stored in an encrypted format. He would have to know how to crack the encryption to get your password.

[/ QUOTE ]

That, or use this program. Or this one. Or any of these.

[jason_t]

[ QUOTE ]
[ QUOTE ]
They are stored in an encrypted format. He would have to know how to crack the encryption to get your password.

[/ QUOTE ]

That, or use this program. Or this one. Or any of these.

[/ QUOTE ]

Wow. This isn't even based on decryption. This just accesses masked text boxes and grabs the data. Seems like a serious design flaw in Windows to allow other programs access to that data.

[TimM]

He wouldn't need to be a hacker to do it.

There is a program called AsterWin that reveals stored passwords.

I haven't tried it on poker clients, but it has worked on every other program I've tried.

[TStoneMBD]

wow ive never seen anything like this before. this is the best thing since sliced bread although i would prefer if it didnt exhist.

[ethan]

[ QUOTE ]
[ QUOTE ]

That, or use this program. Or this one. Or any of these.

[/ QUOTE ]

Wow. This isn't even based on decryption. This just accesses masked text boxes and grabs the data. Seems like a serious design flaw in Windows to allow other programs access to that data.

[/ QUOTE ]

Yea. Programs like these have worked since Win95. (And presumably on earlier versions, but that was the first I'd used them.) So, if someone has access to your computer - physical or remote - they'll be able to get stored passwords.

[jason_t]

[ QUOTE ]
He wouldn't need to be a hacker to do it.

There is a program called AsterWin that reveals stored passwords.

I haven't tried it on poker clients, but it has worked on every other program I've tried.

[/ QUOTE ]

I tested it on Party and the other skins and it works.

[jason_t]

[ QUOTE ]
[ QUOTE ]
[ QUOTE ]

That, or use this program. Or this one. Or any of these.

[/ QUOTE ]

Wow. This isn't even based on decryption. This just accesses masked text boxes and grabs the data. Seems like a serious design flaw in Windows to allow other programs access to that data.

[/ QUOTE ]

Yea. Programs like these have worked since Win95. (And presumably on earlier versions, but that was the first I'd used them.) So, if someone has access to your computer - physical or remote - they'll be able to get stored passwords.

[/ QUOTE ]

I'm flabbergasted that CERT et al. haven't lobbied Microsoft to change this.

[TStoneMBD]

im no expert here, but do you really think its even possible for them to change it? my guess is if they could they would. other OSs probably have the same problem. if the computer can recognize the password so that its saved for future use, then there will be programs that can naturally tap into this usage with correct commands.

[jason_t]

[ QUOTE ]
im no expert here, but do you really think its even possible for them to change it? my guess is if they could they would. other OSs probably have the same problem. if the computer can recognize the password so that its saved for future use, then there will be programs that can naturally tap into this usage with correct commands.

[/ QUOTE ]

What's going on here is that Windows is allowing one program (the password grabber) access to another program's data. This is necessary for Windows to work as seamlessly as it does (drag 'n' drop, etc.). However, Windows could have been programmed so that data in masked text boxes is not available to other programs. I see no reason to allow this to be the case.

[wacki]

[ QUOTE ]
im no expert here, but do you really think its even possible for them to change it? my guess is if they could they would. other OSs probably have the same problem. if the computer can recognize the password so that its saved for future use, then there will be programs that can naturally tap into this usage with correct commands.

[/ QUOTE ]

Bingo. If you can solve this problem, you can make a lot of money.