By now it’s probably not that shocking to you to hear about password theft. Everyone knows that hackers have the ability to steal hoards of passwords at a time. What I want people to realize is it can happen to you. Maybe reading this post will shock you into creating stronger passwords BEFORE your passwords get touched inappropriately.
The problem is we hear about password theft much less frequently than we see something like this:
Those little dots are psychologically conditioning us. You can’t see the password, so it must be hidden. In fact, I’ve created passwords in my head that I have never actually seen in print. I haven’t documented these anywhere and they are long so they must be secure, right?
There is a small problem with Windows. The Security Account Manager (SAM) handles the passwords for Windows user accounts. As long as Windows is running, this file can’t, or rather shouldn’t, be accessible; however, Windows caches password hashes in memory. Once the password hashes are dumped, the plain-text passwords can be found by Googling the hashes.
Figure out how to dump the hash of that password you have never seen in plain text, then Google the hash. This is a great way to feel victimized, without actually being victimized. Of course someone could be monitoring your Google searches…
Thanks Volume Shadow Copy -> http://superuser.com/questions/364290/dump-sam-file-while-system-is-running
Or do it with fgdump -> http://www.foofus.net/~fizzgig/fgdump/downloads.htm