Windows Vista - Hack of user account password

My client's Dell XPS 1530 laptop running Windows Vista 64-bit Service Pack 2 with Norton 360 version 3 had its only user account password hacked, i.e., someone changed the password to something different from the original password so my client could not log on. The computer was hard wired to the Internet via a very old D-Link router attached to a Comcast cable modem. I am interested in learning about the ways the user account password could have been changed without my client's knowledge. For example, if someone had access to the computer, they could have made the change unbeknownst to my client. What are some other ways? Thanks in advance for your thoughts.
bbaumberger (Consultant) Asked:
 
Gideon7 Commented:
I suggest developing a system of passwords that your client can recreate from memory.  For example take the last 2 letters of the web site and append it to a secret prefix -- for Amazon use "Secreton", for bankofamerica.com use "Secretca", for EBay use "Secretay", etc.   For added obfuscation you can do a letter shift ("Secretpo", "Secretdb", "Secretbz"), or some other simple transposition.
0
 
rickrythe Commented:
Possibly the computer was left unlocked and logged into the desktop, or there are various Windows password recovery ISOs that can be downloaded and burned to a disk. A weak password could have been an issue too. How secure is the location of the computer?
0
 
rickrythe Commented:
Also, there could be a possibility that the laptop wasn't connected to a secure wireless connection and someone was using a program like Cain & Abel to sniff the network and could have gained access that way too.
0

 
bbaumberger (Consultant, Author) Commented:
The computer is located in a residential environment with access limited to my client and his wife. He has had a practice of using the SAME password for EVERYTHING. Naturally, he is now listening to my counsel about creating unique, strong passwords for every electronic relationship. Fortunately, he is not an e-commerce aficionado. I am wondering if a malicious script tied to an email attachment could have changed the user account password. Interestingly, my client is in the public eye, and the new user account password hint reflected that the perpetrator knows his famous vocation, so it was not a random attack.
0
 
ReaktiuM Commented:
As the above people have said, maybe the user has gotten directly into your computer and changed the password via the Control Panel. Another way is that the user may have used OphCrack, which is an application to crack the passwords of a Windows computer, to access the password, then change it from there.

Other ways also include the use of keyloggers to gain the password, then change it.
0
 
jb2286 Commented:
I've used a program called Spotmau Powersuite 2009 - this program has the capability to change user passwords from booting into its Linux-based boot mode and also using the Spotmau Windows-based tool to change passwords. According to Spotmau, there is a portion of the registry that stores user passwords and is encrypted. It's difficult to change passwords supposedly, but wiping them and then re-establishing a password is the method Spotmau uses.

Is your client set up on a domain? If so, you could change the user permissions to never allow a password change for that user, so unless the blackhat gets a hold of your server and domain admin. credentials, you should be better off.
0
 
OriNetworks Commented:
I really don't see any gain for someone wanting to maliciously change the password. Is it at all possible that the client did change the password and simply forgot?

Here are some methods for changing the password

If the person had physical access to the computer:
-Boot from a password reset CD (Offline NT Password and Registry Editor)
-If the computer was left unattended and unlocked, simply changing the password there
-The user changing the password with CAPS LOCK on so when they enter the password next time it seems like a different password
-A family member changes the password without informing the owner

Any other circumstance
-Brute force password guessing
-Dictionary attacks to guess the password
-Sniffing passwords sent over the internet/network (if same password is commonly used)
-Malware/spyware/virus/worm changing the current user's password
0
 
johnb6767 Commented:
Someone could have had remote access to a command shell, via some exploit, and changed it that way as well. Are you sure the password was changed? Possible that the SAM got corrupted, and doesn't recognize the current password?
0
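Added example (not part of any post in this thread): one way to tell the scenarios listed above apart after the fact is to correlate password change and reset events in the Windows Security log (event IDs 4723 and 4724) with the logon session (4624) that performed them. The records below are constructed samples, and the sketch assumes account-management and logon auditing were enabled and the log was exported with these field names.

```python
# Added example: sample records are constructed, not taken from the thread.
LOGON_TYPES = {2: "interactive (at the keyboard)", 3: "network",
               10: "remote interactive (RDP)"}

# Constructed records, shaped like fields exported from the Security log.
SAMPLE_EVENTS = [
    {"id": 4624, "time": "2010-01-05T21:14:02", "TargetUserName": "owner",
     "TargetLogonId": "0x3e2a1", "LogonType": 2, "IpAddress": "-"},
    {"id": 4723, "time": "2010-01-05T21:20:47", "SubjectUserName": "owner",
     "SubjectLogonId": "0x3e2a1", "TargetUserName": "owner"},
    {"id": 4624, "time": "2010-01-07T03:02:11", "TargetUserName": "Administrator",
     "TargetLogonId": "0x9b410", "LogonType": 3, "IpAddress": "203.0.113.25"},
    {"id": 4724, "time": "2010-01-07T03:02:40", "SubjectUserName": "Administrator",
     "SubjectLogonId": "0x9b410", "TargetUserName": "owner"},
]

def password_change_findings(events, account):
    """Explain every password change/reset attempt recorded for `account`."""
    # Index logon sessions by logon ID so each attempt can be tied to a session.
    sessions = {e["TargetLogonId"]: e for e in events if e["id"] == 4624}
    findings = []
    for e in events:
        if e["id"] not in (4723, 4724) or e["TargetUserName"].lower() != account.lower():
            continue
        session = sessions.get(e["SubjectLogonId"])
        logon_type = session["LogonType"] if session else None
        findings.append({
            "time": e["time"],
            # 4723 = change (old password supplied); 4724 = reset by another principal
            "action": "change" if e["id"] == 4723 else "reset",
            "actor": e["SubjectUserName"],
            "self_service": e["SubjectUserName"].lower() == account.lower(),
            "session": LOGON_TYPES.get(logon_type, "unknown session"),
            "source": session["IpAddress"] if session else None,
            "remote": logon_type in (3, 10),
        })
    return findings

def summarize(findings):
    if not findings:
        # Offline edits of the SAM happen while Windows is not running,
        # so they leave no 4723/4724 record at all.
        return "no logged change: consider offline reset media or log clearing"
    return "; ".join(f"{f['time']} {f['action']} by {f['actor']} via {f['session']}"
                     for f in findings)

if __name__ == "__main__":
    print(summarize(password_change_findings(SAMPLE_EVENTS, "owner")))
```

A self-service change from an interactive session points toward someone at the keyboard (or the owner), while a reset performed from a network or remote session by a different account points toward remote access.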
 
bbaumberger (Consultant, Author) Commented:
Thanks to all for thoughtful, incisive suggestions.  
0
 
bbaumberger (Consultant, Author) Commented:
Each person contributing to this question provided useful information that underscores the importance of using strong passwords that are changed periodically. Thanks to all contributors.
0
Question has a verified solution.
