[AccessD] Lost Security-Hacking

MartyConnelly martyconnelly at shaw.ca
Tue Jul 22 13:45:03 CDT 2003 

A typical trick is to use Ascii 255 Hex FF which is a blank, some people 
have been known to use
this especially in DOS when used in a filename to stop deletes. People 
assume the blank is Ascii 20
the keyboard space character.

jcolby at colbyconsulting.com wrote:

>hold down the alt key and type in the three digit ascii value should
>"insert" the special character.
>
>John W. Colby
>www.colbyconsulting.com
>
>-----Original Message-----
>From: accessd-bounces at databaseadvisors.com
>[mailto:accessd-bounces at databaseadvisors.com]On Behalf Of Michael
>Brosdorf
>Sent: Tuesday, July 22, 2003 11:48 AM
>To: Access Developers discussion and problem solving
>Subject: AW: [AccessD] Lost Security-Hacking
>
>
>Actually, if you have the MDW-file, you can get all passwords stored in
>there. The makers of the product I have also offer hacking of an MDB WITHOUT
>the MDW file as a 'service'.
>
>Maybe this will protect a database that absolutely requires an MDW-file
>(virtually every multi-user application) a little better:
>
>1. Create a new user account 'dev' in the database and make it the owner of
>all objects
>2. Develop the application using that account
>3. Before distributing the MDW-file: delete that user account completely.
>All other accounts should be somewhat restricted to design view objects
>
>(I did not test that - just a thought...)
>
>Just as an interesting fact:
>There is a tool called TurboLister that can be used to create ebay auctions
>very easy (it is directly from ebay and it is free!). It apparently uses an
>MDB file to store it's data. That file is password protected. The tool
>displays the password, but it does not work. It looks like they used some
>special characters in the password that cannot be entered directly using the
>keyboard. I'd be curious to know how that works...
>
>
>Michael
>
>-----Ursprungliche Nachricht-----
>Von: accessd-bounces at databaseadvisors.com
>[mailto:accessd-bounces at databaseadvisors.com]Im Auftrag von Charlotte
>Foust
>Gesendet: Dienstag, 22. Juli 2003 17:28
>An: Access Developers discussion and problem solving
>Betreff: RE: [AccessD] Lost Security-Hacking
>
>
>That would be for the database/application file password, not for
>passwords within Access security.
>
>Charlotte Foust
>
>-----Original Message-----
>From: Erwin Craps [mailto:Erwin.Craps at ithelps.be]
>Sent: Monday, July 21, 2003 10:03 PM
>To: Access Developers discussion and problem solving
>Subject: RE: [AccessD] Lost Security-Hacking
>
>
>Please note that you can buy a simple tool to hack any password of
>Access, word, excel and other shelf apps... I bought it myself about two
>yaers ago for a legitimate reason.... I does not cist much...
>
>-----Oorspronkelijk bericht-----
>Van: Arthur Fuller [mailto:artful at rogers.com]
>Verzonden: dinsdag 22 juli 2003 7:16
>Aan: 'Access Developers discussion and problem solving'
>Onderwerp: RE: [AccessD] Lost Security-Hacking
>
>
>Let's assume that cracking the target is worth $10K US (actually pretty
>soon $10K CDN will be worth more :-), but let's ignore currency and
>deficit issues. I know two dozen hackers who would devote a week for
>such a score, and none is older than 19. You wouldn't believe the cracks
>they have offered me. I don't know whether they found them or whether
>they know crackers in other countries who offered them the cracks free,
>but nothing is safe. Give a 19-year-old geek a gorgeous hooker for a
>night and you'd be surprised what he will offer you back.
>
>A.
>
>-----Original Message-----
>From: accessd-bounces at databaseadvisors.com
>[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Martin Reid
>Sent: July 21, 2003 4:08 PM
>To: Access Developers discussion and problem solving
>Subject: [AccessD] Lost Security-Hacking
>
>
>Just out of interest
>
>How many could hack a secured Access database?
>
>Martin
>
>
>_______________________________________________
>AccessD mailing list
>AccessD at databaseadvisors.com
>http://databaseadvisors.com/mailman/listinfo/accessd
>Website: http://www.databaseadvisors.com
>_______________________________________________
>AccessD mailing list
>AccessD at databaseadvisors.com
>http://databaseadvisors.com/mailman/listinfo/accessd
>Website: http://www.databaseadvisors.com
>_______________________________________________
>AccessD mailing list
>AccessD at databaseadvisors.com
>http://databaseadvisors.com/mailman/listinfo/accessd
>Website: http://www.databaseadvisors.com
>
>_______________________________________________
>AccessD mailing list
>AccessD at databaseadvisors.com
>http://databaseadvisors.com/mailman/listinfo/accessd
>Website: http://www.databaseadvisors.com
>
>
>_______________________________________________
>AccessD mailing list
>AccessD at databaseadvisors.com
>http://databaseadvisors.com/mailman/listinfo/accessd
>Website: http://www.databaseadvisors.com
>
>  
>

More information about the AccessD mailing list