
Comment Re:Not good, but not a panic situation (Score 3, Informative) 165

The SAM file on Windows is impossible to retrieve while the Windows kernel is running. The kernel has an exclusive read/write lock on the file and any attempt to access it will be denied. It is possible to read an NTFS file-system outside of the OS even while the OS is running but we're talking about deep-file system inspection.

Comment Extremely Serious (Score 4, Insightful) 165

I was expecting to read one of the normal fear-mongering stories that we often see on /. (e.g. "Drop Box sends passwords in plain text!!") but actually this is one of the most serious OS level holes I've seen in years. Not only can you retrieve the password for any user on the system but you can also reset their password without having to know what it was.

People have posted "they're still hashes so you still have to break them" which is of course true, but if you keep reading down he shows you how to reset the other user's password without ever having to know them.

Comment Shocker? (Score 1) 233

Is this really surprising to anyone? There are two ways to hide traffic. The first is illegal and it will cover your tracks because you can use hacked machines without any logging. The second is legal and it is very hard to hide yourself. The only legal way which might actually work is if you bounced through a country with no diplomatic ties to the West but very few of those are even on the internet.

So back to this company. Does it surprise anyone that a company located in the UK of all places would have to give up logs when a judge orders it to? It is that way in almost every Western state. If US law enforcement requested such information I see no reason why a UK court shouldn't grant it (although you'd have to decide on a case by case basis).

Comment Re:Microsoft reads slashdot. (Score 2) 158

/. is on the same level in terms of its importance to Microsoft's business. Tons of technical people read /. including Network Admin, Programmers, and just your local technical handy-man. We are who most non-technical people get their recommendations and knowledge from. If we say something bad about Microsoft then the people we influence will listen.

That is why Vista failed. The technical people said it was bad so it was bad. That's why Microsoft has gone to such pains with Windows 7 and Windows 8 to keep us as a group happy and so far it has worked for them.

Comment UltraDefrag (fail) (Score 1) 226

This list is fairly poor, but I just wanted to draw negative attention to UltraDefrag and all third party defrag programs. A lot of people use third party solutions but very few actually know why they are using them, except for claims like "they are better!" The truth is that defragging a hard drive is a fairly simple process that is hard to get wrong, you literally just re-organise chunks together into blocks. Windows Defrag gets it right, and to be honest you cannot improve on just getting it right, so why do third party solutions need to offer an alternative? The best they could accomplish is matching the Windows Defragger, and the worst is that they could do a poorer job...

Comment Bad plan (Score 2) 240

Why are they trying to buy a failed OS that nobody uses? I could understand it if it came with some IP of note, but it doesn't. Plus let's be honest it will expand their consumer base by almost nobody that matters - a few geeks who made a poor purchasing decision.

I'm not one to harp on about Open Source and Linux, but in this one case it is a situation where HTC should be investing that cash into their own Linux/Android branch rather than buying WebOS which is worth little or nothing.

Comment Minimum experience required... (Score 4, Interesting) 349

As a UK CS grad, let me say that there are far too many unemployed I.T. people at the moment, many of whom have a decade of experience. You want someone who knows your system already rather than someone you need to train up to that standard.

The UK is broadly speaking a service industry country which means we can support lots of I.T. people in good times, but also means we have a lot of excess employees when the economy goes tits up.

Comment This makes it worse! (Score 1) 177

So not only did they hide a break-in from the internet at large, including companies (e.g. Google) which were by extension the target, but they also aren't able to tell how many or what kinds of fake certificates got generated by the break-in? If you ask me their entire CA needs to be revoked, and a new one started. They can then re-issue all legitimate certificates under the new CA. That is the only safe way to do it.

Comment Fascists, or? (Score 1) 101

Is anyone really surprised that promoting violent actions on the internet gets the authorities involved? How many incidents has the Secret Service in the United States been involved in since Obama took office? I remember one extremely similar to this in which someone from New Mexico I believe posted on their private Facebook page about hurting Obama, and someone reported them, so the SS "had" to investigate, and it turns out it is like a middle-school kid.

Long story short, if you go posting about how you want to hurt X or Y, even if they're in a country the popular media has on its propaganda of evil list at the moment it is still illegal and immoral.

Comment Mr. Moores, stuck in 1975 (Score 1) 162

Sorry, but this assessment shows huge ignorance. Not only does he misunderstand how LulzSec and Anon' operate, he also entirely fails to explain either how a foreign government would benefit from infiltrating them or how they would go about doing so in such a spread-out group.

I think a lot of military people are stuck in the past. They don't understand the internet age. They call things "cyber wars" with "cyber armies" and imagine these big well organised forces likely well financed via the normal means.

Fact is both LulzSec and Anon' are a threat. But that threat doesn't require another government or organised group to exist. It doesn't require millions in military aid. In fact it is just a rag-tag group of people who want to do what they want to do. It is very similar to terrorism, and the military are just as incapable of dealing with online threats as they are terrorism threats.

To be honest I think people like Mr. Moores are part of the problem. Part of the reason the military cannot understand these threats. Fire him and the old guys, hire in some experts who know shit about the 21st century.
