Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw

XPFixation -- One Security 'feature'

by mt2k (Hermit)
on Jul 05, 2002 at 06:37 UTC ( #179573=note: print w/replies, xml ) Need Help??

in reply to XPFixation -- The Essential Windows XP Whoring Tool

Just to exploit one little security problem with XPFixation, I have created the XPFixation Exploit program.

IT just demonstrates one small problem... it's a 1.34 MB file, so you may have to be patient if you are on a dial up connection speed. Also, please note that this program is 100% safe... run it with a virus scanner, firewall, and anything else you can think of!

My main point being, that some kind of encryption scheme or anything to improve security should be implemented...

Update: I have now thrown together a perl script that does the same thing, plus gives you the option of deleting the XPFixation info from your computer. Here it is:

#!/usr/bin/perl -w use strict; use Win32::TieRegistry; $Registry->{"HKEY_CURRENT_USER\\Software\\XPFixation"} or die "XPFixation is not configured on this machine.\n"; (my $user = $Registry->{"HKEY_CURRENT_USER\\Software\\XPFixation\\User +name"} and my $pass = $Registry->{"HKEY_CURRENT_USER\\Software\\XPFixation\\Pas +sword"}) or die "The XPFixation configuration has been tampered with.\n" . "Cannot display account information.\n"; print qq| The configuration for XPFixation has been found on your machine. PerlMonks Account Information: ------------------------------ Username: $user Password: $pass Delete this info from your computer? (Y/N) |; if (<STDIN> =~ /^y/i) { delete $Registry->{"HKEY_CURRENT_USER\\Software\\XPFixation\\"} or die "Unable to delete this information from your computer!\n"; die "Your PerlMonks account information has been successfully remove +d.\n"; } else { die "Your PerlMonks account information has NOT been removed.\n"; }

Replies are listed 'Best First'.
(jcwren) Re: XPFixation -- One Security 'feature'
by jcwren (Prior) on Jul 05, 2002 at 13:10 UTC

    From the documentation:

    Username, password, etc are stored in the registry, under HKEY_CURRENT_USER\Software\XPFixation, in plain text.

    It's much easier to use 'regedit' or 'regedt32' to view or remove this information, which is why I mentioned the key it was stored under.


    e-mail jcwren

      Disclaimer: I am posting this as a reply because I am apparently being ignored by jcwren, so don't downvote me for posting something that should have been sent as a /msg.

      For starters, I did not mean to sound like I am bashing the program (XPFixation). I think a lot of the tools available on the site concerning PerlMonks are really hip and cool, including XPFixation.

      Also, it's not like I am scared that some monk is going to write a program to snoop the registry values and send them via e-mail or anything... and even if someone did, I only use my PerlMonks password for PerlMonks, so the most damage they could do is login and yell at people in the chatterbox, resulting in a series of downvotes. (Ack! Please, nobody think of this!)

      And even though I actually stated it was for 'security' reasons, I think it is really just for an additional feature to the program... how many programs store 'sensitive' information in plain text? It would be great to see some kind of protection (even if it is mild) added to the program.

      So I apologize if I sounded rude or against all of the work you put into XPFixation! It was programmed in C, so I can't really comment on the programming (as I lack the skills of the C language). Besides, knowing that I am losing XP all of the time is helpful. ;)

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://179573]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others about the Monastery: (6)
As of 2022-10-05 14:51 GMT
Find Nodes?
    Voting Booth?
    My preferred way to holiday/vacation is:

    Results (24 votes). Check out past polls.