Vista - Just a thought or two on potential...

I am a father of two young girls--a soon-to-be six-year-old and a just turned three-year-old. The six year old is in kindergarten and she loves it. I enjoy sitting with her helping her with her homework and in my mind, mulling over the wonderful possibilities in store for her because of her potential. I, at times, contrast my thinking with other thoughts that have her not being a success in what she sets out to do--yeah, it is hard thinking, but as with everyone with potential, hers might never see itself into fruition. So what does this have to do with anything tech related? The other day, I posted a response to a person who was having a difficulty with their computer. That person stated that their child could not access the account that was set up for that child on a computer--Windows would not recognize the password the child was inputting. O.k. In my earnest attempt at helping the situation, I recommended the use of a program that would retrieve the password already in use. O.k., to be more specific, the program cracks the Vista encrypted SAM files and retrieves the password for you. Because of that, I was met with an infraction. I am not going to go into the "why the infraction is or is not justified" thing, I want to talk about potential. The reason for the infraction, as it was explained to me by the administrator, is that the program does indeed crack the Vista SAM files to retrieve the password. The program, used wrongly, gives a person the POTENTIAL to use the program for means that are not right. O.k., let's say what it really can do--the program could give a person unauthorized access to a computer that is not their own. Herein lies the fine line: the program merely gives the user the POTENTIAL to use the program in an illegal manner; however, it is still up to the user whether or not he or she will use the program for good or bad. It is potential. With my hands, I can use a brick to build a wall, or throw that brick at a car window to take the items from within the car. With my tongue, I can give a word of encouragement or I can tear a person down by ridicule. With my computer, I can use my spare processing power to help in studying protein folding or I can send malware to others. It is up to the user--that's what I'm trying to get at. The program in question--I have used on my own computer to see how it works, but I have also enlisted the program's use to retrieve forgotten passwords from the computers of friends and family. Whether its use was for friends or family, the potential was always there for me to access the password without the owner's permission. The odd thing about that, in my opinion, is that if one of my friends or family wants me to help them with their computer, don't you think that by the close association, I already would have access to the computer anyway? Unless I was using the program to retrieve the password at their request, I would not have no need to use the password retrieval program to get their password because, more than likely, they would already be comfortable with me going into their computer unsupervised (where I could REALLY do some damage if I wanted to)!

So, back to square one... potential.
I work for the City of Compton, California, USA. I happened to meet the head of the IT department for the City one day. I said to him, "What do you have to do to get in the department? I got skills, man! I know this stuff." (yada, yada, yada). He said, "You A+ certified?" I said, "No." He said, "You gotta start there man--that's pretty much entry level to get in here." "Okay, I'll get my cert.," I replied. That was in May 2008. August I had my certification. I did it as fast as I could given that I still had work, a wife, and two daughters to manage, along with my studying. Granted, I really did know my way in, out, and around a computer already, but if this guy was saying that entry level into an IT career is having A+, then I'm like, "Gotta get mine!" The point of this story was to state that potential was there too: the potential for me to set out and get what I wanted to achieve or the potential for me to give in and cave in to the stresses and demands of work, a wife, and two children and say "This is too much!," and not follow through with what I wanted to achieve. So, you have a program that cracks Vista to get your own password out of your own computer... You use the program to help yourself out or a friend or two or some family member out. You don't give in and say, "I've got the power in my hand to get into my bosses computer so I think I will." You got the potential in your hand to right or wrong. It's your choice, right?

Due to people using the same password for lots of different things, revealing the password opens up lots more security issues than just reseting it and that is why we will never allow it here.

cool. just wanted to let my view be known. it won't happen again--as far as posting is concerned. and, you are right that there may be more security concerns opened up. but if a person is truly a "professional" their profession, hobby, or enthusiasm, then i don't see that extra "security concern" as much to worry about. and, as far as the program in question is concerned, it merely allows you to retrieve your windows logon password. as i have stated in this initial post as well as the post that got removed, i have used it on my own computer and of those who are close to me (friends and family).

But this is the internet and you have no idea who you are passing it on to or who will read the post later

again, you are right. but, on the flipside, just as when i leave my car at the dealer for an oil change, i don't know if some a**hole will rummage through my ashtray for loose change. just as i think that i'm going to my bank's homepage to check my checking account balance but i've inadvertently submitted my info on a spoofed website and some a**hole has my financial info to rob me blind--just because the thought of that exists and the reality of that is that it does exist, i'm not going to stop going to my bank's website just because of the threat.

i really wanted to post my view, that's all. i understand where you're coming from. and i'm really NOT trying to be an a**hole about it.

It is also why we have certain rules and regulations stating the kind of material that is and isn't allowed. As John says:
We need to remember that anyone can access the forums and read the posts (save for certain sub-forums), and that they can range from 10 years (and below) to 90+ years. We also need to remember that some people aren't as broad-minded as others. What some people simply laugh off, others find hugely offensive.

So true!

well, ... um... yeah? sure. as i have stated, it was an honest slip in an attempt to help. again, as i have stated, as far as intentionally posting anything else such as that, it won't happen again. broad minded--narrow minded--somewhere in between--if this were a forum dedicated to the art of assassination, and someone posted a post stating how to do this and such, doesn't the blame lay with me if i'm the person who actally acted out and went out and assassinated someone? i'm willing to bet that 97% of the people who read this forum have some knowledge of "unscrupulous" computer techniques. again, as with potential, the burden of you doing damage with your "unscrupulous" computer knowledge lies completely and entirely on you. am i right?

and to reiterate, please don't think i'm trying to be a**hole-ish about this... i like the dialogue. i hope many more can give their opinion and input.

I read the forgotten password thread at the time as well as your eloquent writeup above. I'm just a n00b here and it's absolutely not my place to comment on the infraction business or how the admins choose to run this site, so I won't

What I did want to tell you though, since you seem to be well on your way to a great career in IT, is that you'll encounter ground rules and directives which are perhaps not immediately obvious or logical-sounding. One of them is "DO NOT ASSIST in the cracking of passwords, especially when you have no means of validating the requestor's identity and their ownership status w.r.t. that computer". In this case, chances are that the OP was entirely honest in their decription of the situation, but the point is that we can't tell - they could just as easily have stolen the machine and you could be aiding a crime which could cost someone dearly.

In order to ensure security, corporate networks frequently institute policies which might sound draconian at first. For example, even the mere presence of "black hat" attack tools on a machine on the network may be grounds for disciplinary action against that employee, even if there is absolutely no record of them having used those tools for mischief. Level 1 concern stems from tools like packet sniffers: "why is this end luser sniffing on the wire?!?" By the time you find l0phtcrack or something similar on their machine, there is little doubt about their intentions.

The distinction between "potential" and "action" which you speak of is all very well in legal and philosophical terms, but IT isn't about freedom to express one's self. It's (partially) about surviving a constant barrage of attacks at every level from sophisticated (and sponsored) corporate espionage, to the efforts of skiddiots with T-shirts like "forgive me father for I have SYNed". There is no point martyring yourself over an old rule which is not going to change in a hurry.

I've got a little daughter of my own and I truly know what you mean about "potential" when I watch her bashing her toys together. I hope you really get a lot out of IT!

you're quite right. obviously, i may have not given the thought process its full proper course, but the intent was genuine and good. i'm not trying to "martyr" myself nor am i "fighting the man" to get a rule changed. but straight to your point of "don't assist in the cracking of passwords," my opinion was/is such that it is one thing if i were to post the steps in which to do said item and it is an entirely different thing if i merely point you in the way to go (so that you can do it yourself). the application is freely available on a popular open source website (don't know if i'm allowed to use their name ). this is the off-topic section of the forum and just wanted to post my view--that's all. as i stated in the post prior to this one, i wanted to hear the feedback, that's all. i learn from coming here and all of this helps me too. i appreciate the input.