11-21-2006, 09:14 PM
Arthur T.
Re: So why don't we use full disk encryption on all mobile devices?

In
Message-ID:<1164121193.720099.164020@j44g2000cwa.googlegroups.com>,
paolo.digiacomo@gmail.com wrote:

>Arthur T. wrote:
>
>>
>> Also, there's something akin to a back-door in Compusec. In
>> their Yahoo support group, one message said:
>>
>> >Hi, may I recommend you to send your Securityinfo.dat file to:
>> >
>> >support.sg@ce-infosys
>> >
>> >Send it with a request to have them extract your UserID and password
>> >reset code.
>> >

>
>You don't even need to send this file to them. It is enough to open it
>with a text editor to find userid and reset password in plaintext!!!
>To emphasize the BIG security limit of this program, if someone manages
>to access your pc with administrative privileges (e.g. if you leave it
>unattended and logged in, or if you let someone use your pc, at
>work, for example) even for a few minutes he/she can create this
>Securityinfo.dat file and use it to gain the reset password. This can
>obviously happen also if he/she manages to obtain the Securityinfo.dat
>file you created during the installation (i.e. because you did not
>store it in a safe place).


You're right. It's right there.

When installing, CompuSec tells you to back up the file to
external media in case something happens to the file on your hard
disk. I don't think the program says that the information can be
used *all*by*itself* to break into your machine. I had figured it
was like the PGP keyring: You're sunk without it, but, even with
it, you need your passphrase.

--
Arthur T. - ar23hur "at" intergate "dot" com
Looking for a good MVS systems programmer position
