reset-password

Windows Password Recovery: ONTPRE

Offline NT Password & Registry Editor (ONTP&RE)

Did you lock yourself out of your Windows system?  Forgot your Windows password?  What is the best Windows password recovery?

The best way is to have a Windows Recovery disc ready.  But this is something you must do BEFORE you get locked out.

reset-password

reset-password

There are tools you can use to get into your system, but the first think you should try is to use “Administrator” as the user with no password.  “Administrator” is a default account on Windows systems.  On Windows 7 it is disabled by default but if someone has used the account you may be able to use it as backdoor into the system.

If their is not Administrator account and no Windows Recovery disc you will have to use a Windows password recovery tool.  ONTP&RE is a password recovery tool that allows quick access to windows systems.

Reset Password : Windows 7

1.  Download ONTP&E: First, download the Windows password recovery software from pogostick.net . pogostick.net/~pnh/ntpasswd/cd110511.zip

2.  Unzip ONTP&E:  Files are compressed into 1 folder named ( cd110511.zip).  Unzip the file.

3.  Create CD with ISO:  Set the cd disc creator into ‘image to  disc’’. Burn the image to the cd.  Each CD burner software is different, so you will have to figure out how to create a CD from the ISO.  Sometimes its as easy as double clicking the ISO but it depends on the type of software.

4.  Reboot & Insert:  Actually, you need to make sure your Windows system is able to boot from the CD.  Once its done , insert the cd back to the CD ROM  and reboot your computer.

5.   Computer Boot from CD:  As your computer reboots, keep hitting F2 to go through the BIOS.  Select “Boot Options”.  Some versions of BIOS call this “Boot”.  But the idea is the same.  Go into the BIOS and make sure CDROM is on the top of the list for boot options.  This means that the computer first looks at the CD before going to the Hard Drive.  Instructions on modifying BIOS settings will be listed on the page.

6.  Boot into ONTRE:  Once the BIOS boot option is set, save and exit.  Your system will boot into your ONTRE disc.  Software will start running. Just follow the steps.  “Press enter” to boot into the “Offline NT Password & Registry Editor” CD.

windows password recovery

screen shot of Offline NT Password & Registry Editor

7.  Select an Account:  It will ask you to select an account.  If you hit “Enter” it will automatically boot into the [Administrator] account.

*note: Anything in [brackets] is the default value, so if you hit “Enter” it will auto-magically choose that [bracket] value.. its a linux thing.. you wouldn’t understand.

If you choose the “Administrator” account, you may need to Enable the account since the built-in Administrator account is  disabled by default in certain versions of Windows.

8.  Enable Built-in Administrator Account:  The Windows account  needs to be enabled.  Select 4  and enter ‘to Unlock and enable user Account’.

windows ontpre menu enable

windows ontpre menu

9.  Clear (blank) User Password:  After selecting 4-Unlock and Enable user account, you will be sent back to the User Edit Menu. If you want to clear the Administrator password (if it has one) then hit enter or type Administrator and Select 1 and “Enter” – to clear the user password.

10.  Save Changes:  Once you have made all the changes you want (enabled the Administrator account & cleared any passwords), you are ready for the next step.  Hit  ‘!’ and enter.

Windows Password save changes

Windows ONTP&RE password save change

On the screen it asks ‘What to do’?  hit q to quit. You will see:

Step FOUR:  Writing back changes

“About to write file(s) back.  Do it ?’’

Hit   Y  and enter to save changes.

11.  Last Step:  Hit “Ctrl-Alt-Del” to reboot and eject the cd quickly.  This will allow the system to boot into Windows on the Hard drive.

You can now login as “Administrator” with NO password.

Once you are in as Administrator you can change passwords of any local accounts in Control Panel | Users.

Scientists launch new, ‘unbreakable’ encryption system

A new encryption system, which its creators say is unbreakable, got its first test run Wednesday in Vienna, scientists from the European Union project SECOQC announced.

digg user kinthiri explains:
Quantum cryptography is unbreakable because if any 3rd party views it that does not have the credentials and is not the intended recipient, the simple viewing of the encrypted data by that third party changes that data such that even the intended recipient can’t decrypt it. Thus they know that there is a 3rd party viewing the stream. Effectively the data self destructs if anyone attempts to intercept it or decrypt it. This is not a new phenomenon.

What is new is that its being used commercially. It had previously been used experimentally by the military in association with researchers, but this is the first time its been brought to life outside test environments and is available commercially.

The nature of quantum mechanics makes this truly unbreakable. You couldn’t even factor this using your own quantum computer, if you could even get one with enough qbits.

read more | digg story

Quantum Key Distributions (part 1)

The NIST has an page that talks about Quantum Key Distribution:

Quantum encryption systems use lasers to generate individual pulses of light called photons. Each photon is sent in one of two modes, either vertical/horizontal, or plus 45 degrees/minus 45 degrees. Within each mode, one orientation represents the digital value 0, and the other represents the digital value 1. To visualize how this works, imagine that each photon is a tiny envelope moving perpendicular to the ground (vertical=1), parallel to the ground (horizontal=0), tilted at 45 degrees to the right (plus 45 degrees =1) or tilted 45 degrees to the left (minus 45 degrees=0). NIST 

Its almost scary how much has been done in relatively so little time in the “Information Age” and its only just the beginning.  
 

The possibilities are unimaginable.  I thought it was a bit extreme when I read an Author C. Clarke sci-fi novel called, Light of Other Days in which people can send messages directly from brain to brain (some sort of brain to brain Internet) via a device that sends messages on a subatomic level.  Now it doesn’t sound so strange anymore (well, ok, its still strange but it seem possible now).
 

Here are some mind blowing articles about quantum entanglement:
 

Quantum Teleportation of data (actually it’s the instantaneous transfer of quantum states, but teleportation sounds cooler)
      The thing is that it has already being done:
      http://news.nationalgeographic.com/news/2004/08/0818_040818_teleportation.html
      http://www.research.ibm.com/quantuminfo/teleportation/
      http://www.sciam.com/article.cfm?chanID=sa006&articleID=ABBA5449-E7F2-99DF-3ACFAC15B16FEC60&colID=30
      http://techreport.com/onearticle.x/12870
 

Quantum Entanglement as an explanation for so called psychic phenomenon:
      Highly controversial as parapsychology is the “leprosy” of
      science.  Just a hypothesis but interesting:
      http://www.deanradin.com/NewWeb/EMblurbs.html

Security Certifications: DoD 8570

For Government workers doing any kind of computer security/information assurance, the new regulation, DOD 8570 is a very important document.

DOD 8570, Information Assurance Training, Certification and Workforce Management, requires that all government workers (active duty, govt civilian and contractors) doing security work have a security certification. The DoD is really trying to crack down on security.

Among the top security certification that you can get are the CISSP and the CISA

Getting the top certs and then further specializing could give you the edge. For example, CISSP with an CISA (auditor) would cover a lot of ground as would a CISA and an IDS/C&A/Architecture specialists. It would really kick ass to cover ALL ground. This would not be difficult. Not sure if each specialization would require further certifications.

Cost, Renown, Difficulty Comparisons:http://dmiessler.com/writing/infoseccerts/

Includes: GSEC, CISSP, CISA*note: GSEC is $800 and difficult

Security Certs and their levels according to 8570:http://taosecurity.blogspot.com/2006/01/dod-directive-8570.html

Tech level I-III & Management Level I-III*note: GSEC is Tech level II

Future Areas of IA Certification:

 

Certification and Accreditation

IDS and Analysts

Auditors

CND/SP members

IA architectures, engineers

NIST Slide on 8570 

(slide 10)On a recent FISC slide I saw Red team (pentesting/hacking) among these future specializations.

 

 

Store Passwords in a Secure Password Safe

KeePass is a free/open-source password manager or safe to help you
manage your passwords in a secure way. Put all your passwords in one
database, which is locked with one master key or a key-disk. The
databases are encrypted using the best and most secure encryption
algorithms currently known (AES and Twofish).

read more | digg story