[AccessD] Lost Security-Hacking

jcolby at colbyconsulting.com jcolby at colbyconsulting.com
Tue Jul 22 12:02:56 CDT 2003


hold down the alt key and type in the three digit ascii value should
"insert" the special character.

John W. Colby
www.colbyconsulting.com

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com]On Behalf Of Michael
Brosdorf
Sent: Tuesday, July 22, 2003 11:48 AM
To: Access Developers discussion and problem solving
Subject: AW: [AccessD] Lost Security-Hacking


Actually, if you have the MDW-file, you can get all passwords stored in
there. The makers of the product I have also offer hacking of an MDB WITHOUT
the MDW file as a 'service'.

Maybe this will protect a database that absolutely requires an MDW-file
(virtually every multi-user application) a little better:

1. Create a new user account 'dev' in the database and make it the owner of
all objects
2. Develop the application using that account
3. Before distributing the MDW-file: delete that user account completely.
All other accounts should be somewhat restricted to design view objects

(I did not test that - just a thought...)

Just as an interesting fact:
There is a tool called TurboLister that can be used to create ebay auctions
very easy (it is directly from ebay and it is free!). It apparently uses an
MDB file to store it's data. That file is password protected. The tool
displays the password, but it does not work. It looks like they used some
special characters in the password that cannot be entered directly using the
keyboard. I'd be curious to know how that works...


Michael

-----Ursprungliche Nachricht-----
Von: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com]Im Auftrag von Charlotte
Foust
Gesendet: Dienstag, 22. Juli 2003 17:28
An: Access Developers discussion and problem solving
Betreff: RE: [AccessD] Lost Security-Hacking


That would be for the database/application file password, not for
passwords within Access security.

Charlotte Foust

-----Original Message-----
From: Erwin Craps [mailto:Erwin.Craps at ithelps.be]
Sent: Monday, July 21, 2003 10:03 PM
To: Access Developers discussion and problem solving
Subject: RE: [AccessD] Lost Security-Hacking


Please note that you can buy a simple tool to hack any password of
Access, word, excel and other shelf apps... I bought it myself about two
yaers ago for a legitimate reason.... I does not cist much...

-----Oorspronkelijk bericht-----
Van: Arthur Fuller [mailto:artful at rogers.com]
Verzonden: dinsdag 22 juli 2003 7:16
Aan: 'Access Developers discussion and problem solving'
Onderwerp: RE: [AccessD] Lost Security-Hacking


Let's assume that cracking the target is worth $10K US (actually pretty
soon $10K CDN will be worth more :-), but let's ignore currency and
deficit issues. I know two dozen hackers who would devote a week for
such a score, and none is older than 19. You wouldn't believe the cracks
they have offered me. I don't know whether they found them or whether
they know crackers in other countries who offered them the cracks free,
but nothing is safe. Give a 19-year-old geek a gorgeous hooker for a
night and you'd be surprised what he will offer you back.

A.

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Martin Reid
Sent: July 21, 2003 4:08 PM
To: Access Developers discussion and problem solving
Subject: [AccessD] Lost Security-Hacking


Just out of interest

How many could hack a secured Access database?

Martin


_______________________________________________
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com
_______________________________________________
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com
_______________________________________________
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com

_______________________________________________
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com




More information about the AccessD mailing list