Exactly. No longer will I have to wait for the helpdesk to give me administrator access!
This looks like it could be huge. Sure, it requires access, but as it mentions, so many corporations focus on restricting access for particular users, not as much on preventing anyone from getting in by any means.
Of course, I'm not too familiar with such low-level Win32 API calls, but everything the author describes seems to make sense. Windows does seem to be pretty lax about what certain processes can do with other processes' windows. I remember a couple of years back, there were various "password revealer" programs that would un-hide passwords in on-screen windows. All they had to do was grab the h_wnd and change the attribute for "password" to false.
MICROS~1 fixed their libraries so that passwords were hidden differently, and so the revealer programs no longer work. But that was just covering up one particular side effect of this bigger problem. It will be interesting to see how this plays out.