Password Crack

[JE McGimpsey]

OK, so the availability of Office 2003 in Warez groups means that robbing
the legitimate publisher of the software is all right?

Please. The situation is not even remotely the same. The availability of
a commercial package that is never distributed via warez sites means
that downloading Office 2003 from those sites is presumably always
illegal.

There are, however, many legitimate uses for removing passwords. There
is nothing in any license agreement, much less law (at least in the US),
that restricts someone's ability to access files that they own or are
legally entitled to, by removing the password protection. There are
companies that have provided these legitimate services for decades, and
there have been free methods for many protections for nearly as long.

Given that even a moderately close reading of the Office license
agreement makes it clear that Microsoft doesn't represent that any
Office application is fit for any particular purpose, it's clear that MS
is not claiming that removing the protection violates its license, or
even that it's wrong.

The only other reason it would be illegal is if the person removing the
protection doesn't have the legal right to the information. That is not
a technical issue, and given that there are legitimate reasons for
removing the protection, I see absolutely no reason for people not to
avail themselves of legal services.

The fact that some misguided people rely on Office protection schemes to
keep their information secure, despite Microsoft's own explicit claim to
the contrary, and despite the plainly available free and commercial
methods of removing them, shouldn't limit the legal users from
recovering their information.

 

[JE McGimpsey]

The sensible response would be to tell the OP to contact a local
computer shop who can send someone on site, verify the legitimacy of
the request and act accordingly.

"Sensible"? Who would you suggest is regulating the local computer
shops? What makes *them* trustworthy? What criteria would they use? What
if, as in many parts of my state, the "local" computer shop is 50+ miles
away?

I just called two local computer shops, and asked them how to bypass my
Word and Excel protection. None of them knew, nor were they interested
in making a house call. Nor could they tell me how they would determine
that someone's request was legitimate.

Sensible? Lunacy!

All you've done is attached an intermediary with a price tag to the
same solution that was posted here.

 

[Harlan Grove]

Echo S wrote...

IMO, we should call a halt to this thread. It isn't helping the original
poster at all.

So? Where is it written that all responses in every thread must benefit
the OP? For that matter threads such as these show which respondents
know what they're talking about only in their narrow fields of
expertise and are otherwise clueless.

 

[Harlan Grove]

David R. Norton MVP wrote...

OK, so the availability of Office 2003 in Warez groups means that robbing
the legitimate publisher of the software is all right?

I can't see the ready availability of cracks is justification for using
them.

....

As even you have pointed out by your ridiculous suggestion for an
on-site support call, there are occasions on which it's legitimate to
remove passwords. When are there legitimate occasions to download
commercial software?

Your argument is similar to saying that because handguns are often used
to commit violent crimes, one should never tell anyone where the
nearest gun shop is located, and besides it's illegal to buy .50
machine guns!

And how do you know he used his real name? I notice while you're defending
him you use the word "presumably" so is it possible you also have some
doubts?

Did you miss the word 'presumably' or do you not understand its
meaning?

The point is that you can either assume posters have legitimate or
illegitimate intent. If you believe they have illegitimate intent, you
won't prevent those of us who assume legitimate intent from replying.
So what is the point of your participation in these cases? Parading
your own self-impotant sense of moral rectitude would seem to be the
only purpose served.

MHO differs from yours. Next next time I see some disreputable person trying
to open a new luxury car with a coat hanger should I just assume it's his car
and he has a right to it? Isn't that pretty similar to what you're saying?

Not quite accurate in this case.

The analogy would be closer to Eric can't get into a particular car, he
hasn't stated explicitly that it's his car, and it's pretty clear he
can't open it on his own. He doesn't like the price quoted by Moe's
Garage to open the lock and has asked for cheaper alternatives. Some
other posters have directed him to AAA. Presumably AAA would want to
remain in business so would check that Eric had legal standing to open
the file in order to avoid being criminal accessories.

Despite this obvious chain of reasoning, in gallop the net-nannies to
claim that this COULD be illegal, so no one should offer to help Eric.

 

[Harlan Grove]

JoAnn Paules [MSFT MVP] wrote...

Excellent advice, David! But of course, no one ever wants to actually pay
for such services.

....

And how many computer shop employees know how to remove passwords from
Office documents?

How many computer shop employees know how to tell whether person A has
legal standing to open any particular file? Now specialists in the
field would because they'd know their livelihoods depended on it, but
the average 24-year-old selling iPods and blank CD-Rs?

Are either you or David familiar with how easy it is to make any file
appear to below to any person? A could open a password-protected
computer file in a hex editor then save it to a harddrive or network
drive, thus changing the file ownership information. For files under
64KB, Windows still provides DEBUG.COM which can be used to do this.
Nuts, A could simply e-mail the file to himself from a web mail account
(which won't provide any ownership tags Outlook/Exchange might) and
detach the received copy. Granted the creation and modification dates
would be the same (a dead give-away), so use a touch utility a day or
so afterwards to change the access and modification times. How would
the proverbial computer shop employee be able to tell anything?

But at least you recognized the issue of cost, which was the OP's
original concern.

 

[David R. Norton MVP]

JoAnn Paules [MSFT MVP] wrote...

Excellent advice, David! But of course, no one ever wants to actually pay
for such services.

...

And how many computer shop employees know how to remove passwords from
Office documents?

Every one I've ever encountered.

How many computer shop employees know how to tell whether person A has
legal standing to open any particular file?

It's not difficult, going into a company site and having a person in
authority is reasonable indication, going into a private home and seeing a PC
simply requires asking.

But at least you recognized the issue of cost, which was the OP's
original concern.

And you fail to realize the major point that cost is completely immaterial.
The OP will have to pay whatever the going rate may be.

 

[Harlan Grove]

David R. Norton MVP wrote...

Every one I've ever encountered.

Then your experience is either severely outdated or unrepresentative.

It's not difficult, going into a company site and having a person in
authority is reasonable indication, going into a private home and seeing a PC
simply requires asking.

So all an IP thief would need to do is make a copy of a file, take it
home, copy it onto his own PC, call the shop and tell them his impish
nephew Bobby was playoing around on his PC and password protected his
customer list? And that proves legal access how?

And you fail to realize the major point that cost is completely immaterial.
The OP will have to pay whatever the going rate may be.

Perhaps cost is immaterial to you.

Did you read the OP? Cost seems to have been the OP's primary reason
for posting. *IF* there were free document password crackers, then the
OP wouldn't have to pay anything, would he? Well, perhaps online
connect time if he isn't on a fixed rate plan, and if you want to be
extremely exacting, there would be some opportunity cost to the OP's
time spent downloading and using up disk storage for such software. But
the cost would be a pittance if there were free software to do this.

Beyond that, the cost of on-site service would likely exceed the cost
of the on-line service the OP thought too expensive.

Other than displaying your self-conceived sense of moral superiority,
why did you bother participating in this thread? Clearly not to help
the OP.

 

[JE McGimpsey]

And how many computer shop employees know how to remove passwords from
Office documents?

Every one I've ever encountered.[/QUOTE]

You've asked at every computer shop? Or have you just not encountered
many? That differs significantly from my experience. The shops I work
with have nobody who's trained to do so. None of them knew that removing
a VBA password takes about 30 seconds with a hex editor (1 second if you
script it).

How many are willing to make house calls? How many are willing to take
on the liability for damages, including bonding? How many do more than
cursory background checks on their employees? How many even have an
interest in providing that service?

It's not difficult, going into a company site and having a person in
authority is reasonable indication

Hmmm...what authority is necessary? How do I know someone is "in
authority"? If you're talking liability to the computer shop for an
improperly unprotected file, a prudent computer shop owner would need a
heck of a lot of assurance, at a similarly inflated price.

going into a private home and seeing a PC
simply requires asking.

Now that's just laughable. So the person (not in authority) at the
company site takes the file home, and can have it unprotected just for
the asking?

You're trying to portray Office protection schemes as somehow more than
they are - more than Microsoft claims them to be. Protection is not
absolute - XL's worksheet and workbook protection are useful to keep
honest users from accidently overwriting formulas, that's *it*!!!! File
protection can keep casual snoopers out of the file, but even that
doesn't encrypt it - with a hex editor and a reasonable guess as to the
data layout and tokenization, you can reconstruct a workbook without
unprotecting it. It's a lot more work, of course...

 

[David R. Norton MVP]

David R. Norton MVP wrote...

Then your experience is either severely outdated or unrepresentative.

No, you're just being argumentative.

So all an IP thief would need to do is make a copy of a file, take it
home, copy it onto his own PC, call the shop and tell them his impish
nephew Bobby was playoing around on his PC and password protected his
customer list? And that proves legal access how?

Pretty hard to discuss anything with one who won't read or comprehend, we'll
drop this one. But it's really not that difficult.

Perhaps cost is immaterial to you.

It's not immaterial to me, it's immaterial to this discussion. Everyone
would like to have everything free, if that's not possible then you have to
pay whatever the price might be.

Other than displaying your self-conceived sense of moral superiority,
why did you bother participating in this thread? Clearly not to help
the OP.

No, just to point out your very disturbing lack of morals. But you probably
won't understand that, either. You'll make some more silly comments about
"net nannies" and continue to belittle people who don't believe in stealing.

I'm done with you.

 

[David R. Norton MVP]

Every one I've ever encountered.

You've asked at every computer shop? Or have you just not encountered
many?[/QUOTE]

As stated, everyone I've ever encountered.

That differs significantly from my experience. The shops I work
with have nobody who's trained to do so. None of them knew that removing
a VBA password takes about 30 seconds with a hex editor (1 second if you
script it).

The competency or lack thereof of the shops you've encountered isn't relative
to the discussion. There are shops that can do so.

How many are willing to make house calls? How many are willing to take
on the liability for damages, including bonding? How many do more than
cursory background checks on their employees? How many even have an
interest in providing that service?

Every one I've ever encountered for businesses, not many for personal
computers but it's not a major problem to haul a single box into the shop.

There's nothing difficult about it for anyone with a bit of experience.

Hmmm...what authority is necessary? How do I know someone is "in
authority"?

Ridiculous comeback and you know it.

Now that's just laughable. So the person (not in authority) at the
company site takes the file home, and can have it unprotected just for
the asking?

Nope. Not if the repair person has moderate intelligence and experience.

You're trying to portray Office protection schemes as somehow more than
they are - more than Microsoft claims them to be. Protection is not
absolute - XL's worksheet and workbook protection are useful to keep
honest users from accidently overwriting formulas, that's *it*!!!! File
protection can keep casual snoopers out of the file, but even that
doesn't encrypt it - with a hex editor and a reasonable guess as to the
data layout and tokenization, you can reconstruct a workbook without
unprotecting it. It's a lot more work, of course...

Above is completely unrelated to the discussion.

One more time, the point is someone has a password protected file and asks
this group how to remove the password protection. Several people jump right
in w/o ever asking if the OP has any right to the file.

That's completely unacceptable. Anyone who password protects a file does so
for a reason and someone asking to breaking that protection is suspicious.
If the OP had a right to the file, why didn't he ask the owner for the
password?

Try reviewing the thread, the OP never ever stated any reason for wanting to
crack the file but some here just assumed he had a right to do so.

You should all be ashamed of yourselves but I know you won't be...

Don't bother replying, I'm done with you.

 

[Peter Foldes]

Sorry to jump in here but how many of you remember the old Microsoft server newsgroup MSNNEWS. This goes back to 95. It was moderated at the time.

There was a post there in 95 where someone posted that he set up the Content Advisor so his kids will not be able to get into certain sites. Now he said that he forgot the Password and needed help. He had numerous answers on how to get around it and open it.

Well about a month later in the newspapers and TV there was the story that a Father is suing MS and that newsgroup for telling his child on how to get rid of that password . BTW he won the case and a large some of money.

The point is you do not know who is who and what is what.

Today that child that did that is not allowed near a computer for another 3 yrs. His nickname was the Mafia Boy. Yep the same one that made National and International headlines when he hacked IBM,MS,Governments etc.

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

Every one I've ever encountered.

You've asked at every computer shop? Or have you just not encountered
many? That differs significantly from my experience. The shops I work
with have nobody who's trained to do so. None of them knew that removing
a VBA password takes about 30 seconds with a hex editor (1 second if you
script it).

How many are willing to make house calls? How many are willing to take
on the liability for damages, including bonding? How many do more than
cursory background checks on their employees? How many even have an
interest in providing that service?

It's not difficult, going into a company site and having a person in
authority is reasonable indication

Hmmm...what authority is necessary? How do I know someone is "in
authority"? If you're talking liability to the computer shop for an
improperly unprotected file, a prudent computer shop owner would need a
heck of a lot of assurance, at a similarly inflated price.

going into a private home and seeing a PC
simply requires asking.

Now that's just laughable. So the person (not in authority) at the
company site takes the file home, and can have it unprotected just for
the asking?

You're trying to portray Office protection schemes as somehow more than
they are - more than Microsoft claims them to be. Protection is not
absolute - XL's worksheet and workbook protection are useful to keep
honest users from accidently overwriting formulas, that's *it*!!!! File
protection can keep casual snoopers out of the file, but even that
doesn't encrypt it - with a hex editor and a reasonable guess as to the
data layout and tokenization, you can reconstruct a workbook without
unprotecting it. It's a lot more work, of course...[/QUOTE]

 

[JE McGimpsey]

Nice fairy tale.

MafiaBoy was a Canadian teenager that perpetrated a DOS attack on Yahoo,
Dell, eBay, Amazon.com, etc. - not "hack(ing) IBM,MS,Governments etc.".

He was sentenced to 8 months in detention plus one year of probation,
which would have been up 2 years ago. His sentence didn't include any
long-term restriction on computer use.

His dad, btw, was arrested the same day as MafiaBoy was for taking out a
contract on a business colleague. Might that have anything to do with
anything?

Given that Content Advisor password removers are still sold, and free
hacks are still posted, if your 95 anecdote is true (I couldn't find
anything via Google, though it didn't sound unfamiliar), it certainly
didn't set much of a precedent.

How does one sue a newsgroup, anyway? Where and to whom would the suit
be served?

 

[Sandy Mann]

No, you're just being argumentative.

What Harlan? Never! <g>

 

[Peter Foldes]

Not a fairy tale at all and that teenager lives directly across the street from me here in Montreal (Ile Bizard). I was also quizzed by the authorities since my son is friends with him and he came over often and I was working with computers for a living. I had my systems at the time removed by the RCMP\FBI\Local Police and was retuned to me after 3 weeks. Was very embarrassing to all.

Like I said you never know who is who and what is what.

 

[Peter Foldes]

My answers are in line

MafiaBoy was a Canadian teenager that perpetrated a DOS attack on Yahoo,
Dell, eBay, Amazon.com, etc. - not "hack(ing) IBM,MS,Governments etc.".

Jeff was 14 yrs old at the time. And yes he did hack in there. The records on his HD when examined did show. That is why you had this commotion with top US law enforcement agencies also coming here. This is on record which is public and can be viewed here at the Palais of Justice by anyone

He was sentenced to 8 months in detention plus one year of probation,
which would have been up 2 years ago. His sentence didn't include any
long-term restriction on computer use

Yes it did. He has 3 more yrs left. He cannot come over here but my son goes over to his house.

He was sentenced to 8 months in detention plus one year of probation,

That was house detention and was able to go out for only schooling. His probation was for 4 yrs.

How does one sue a newsgroup, anyway? Where and to whom would the suit
be served

Microsoft Canada was sued. Microsoft Canada has since been closed and is no longer here.

 

[JE McGimpsey]

One more time, the point is someone has a password protected file and

asks this group how to remove the password protection. Several
people jump right in w/o ever asking if the OP has any right to the
file.

OK. Say someone asks if the OP had a right to the file. The OP replies
"yes, it's mine". Now what?

That's completely unacceptable.

Because...?? Are we obligated to ask questions that have no probative
value? Obligated by what or whom?

Anyone who password protects a file does so for a reason and someone
asking to breaking that protection is suspicious.

Assuming you meant "suspect", your syllogism is missing a premise. In
the *vast* majority of cases I've encountered, both in the newsgroups
and in my business, someone asking for help in removing protection has
a legitimate reason for doing so. That makes them in need of
assistance, not suspect.

If the OP had a right to the file, why didn't he ask the owner for the
password?

Assumption of facts not in evidence. Why do you *assume* the OP isn't
the owner?

Try reviewing the thread, the OP never ever stated any reason for wanting to
crack the file but some here just assumed he had a right to do so.

I can't vouch for anyone else, nor can I read their minds, but I didn't
assume anything one way or the other, because it doesn't matter. I'm
willing to help the legitimate user, and if the user has an illegitimate
purpose, the information I give is no more than what is already readily
available.

The competency or lack thereof of the shops you've encountered isn't relative
to the discussion. There are shops that can do so.

Assuming you meant "relevant", you've still made no explanation for why
a computer shop should have any special authority or competency to
determine ownership of a file.

Every one I've ever encountered for businesses, not many for personal
computers

You've checked that they're willing to assume the liability? I'm not
sure that speaks very well of the shop owner's judgement. How much do
they charge for the service?

What kind of check do they do on their employees?

but it's not a major problem to haul a single box into the shop.

Guess your time isn't particularly valuable. What about those that live
100+ miles from the nearest "shop"?

There's nothing difficult about it for anyone with a bit of
experience.

That's just daft. What is it about computer shop experience that gives
*any* special ability to determine legal issues? Most of the computer
repair people I know are no less susceptible to social engineering than
anyone else. As a small business owner, I wouldn't want to bet the
equity of my company on a repairman's credulity. The training I'd have
to give them wouldn't justify the expense, so I wouldn't provide that
service.

Ridiculous comeback and you know it.

Have you ever run your own business? What authorization criteria did
your bonding company use when deciding whether to bond you for a job?
How about your insurance company - if there's risk involved in providing
the service, do you think they're going to insure you for professional
liability if you don't have some criterion for determining who can
authorize you to break the protection?

If you think this is ridiculous, then the corollary is that you think
there isn't much risk involved for the shop owner, which undermines your
insistence that there must be some additional layer between the user and
help.

Nope. Not if the repair person has moderate intelligence and experience.

And here I thought you were suspicious. That claim isn't backed by every
day experience - people of moderate intelligence and experience are
socially engineered hourly. How much are you willing to bet that I
couldn't convince that moderately intelligent repairman that my claim is
valid?

Don't bother replying, I'm done with you.

Replies on newsgroups aren't necessarily personal - I'm mostly replying
to your argument, not you.

 

[JoAnn Paules [MSFT MVP]]

I just don't answer questions about how to break into files or where to find
bogus product IDs. There's no way to tell if the OP is telling the truth or
not when they say it's their file/program. If someone else chooses to
respond, that's their choice. I choose not to take the chance of aiding and
abetting.

 

[JoAnn Paules [MSFT MVP]]

Slam dunk.

(I'm sorry to hear that you were drawn into that mess.)

--

JoAnn Paules
MVP Microsoft [Publisher]



Not a fairy tale at all and that teenager lives directly across the street
from me here in Montreal (Ile Bizard). I was also quizzed by the authorities
since my son is friends with him and he came over often and I was working
with computers for a living. I had my systems at the time removed by the
RCMP\FBI\Local Police and was retuned to me after 3 weeks. Was very
embarrassing to all.

Like I said you never know who is who and what is what.

 

[Peter Foldes]

The reason I was draw in is Jeff and my son usually played games on the computer in the basement here. So I was suspect for my computers were also possibly used as was his at his residence

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

Slam dunk.

(I'm sorry to hear that you were drawn into that mess.)

--

JoAnn Paules
MVP Microsoft [Publisher]



Not a fairy tale at all and that teenager lives directly across the street
from me here in Montreal (Ile Bizard). I was also quizzed by the authorities
since my son is friends with him and he came over often and I was working
with computers for a living. I had my systems at the time removed by the
RCMP\FBI\Local Police and was retuned to me after 3 weeks. Was very
embarrassing to all.

Like I said you never know who is who and what is what.

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

Nice fairy tale.

MafiaBoy was a Canadian teenager that perpetrated a DOS attack on Yahoo,
Dell, eBay, Amazon.com, etc. - not "hack(ing) IBM,MS,Governments etc.".

He was sentenced to 8 months in detention plus one year of probation,
which would have been up 2 years ago. His sentence didn't include any
long-term restriction on computer use.

His dad, btw, was arrested the same day as MafiaBoy was for taking out a
contract on a business colleague. Might that have anything to do with
anything?

Given that Content Advisor password removers are still sold, and free
hacks are still posted, if your 95 anecdote is true (I couldn't find
anything via Google, though it didn't sound unfamiliar), it certainly
didn't set much of a precedent.

How does one sue a newsgroup, anyway? Where and to whom would the suit
be served?

 

[JE McGimpsey]

Jeff was 14 yrs old at the time.

Jeff? I thought it was Mike...

That was house detention and was able to go out for only schooling. His
probation was for 4 yrs.

Then the probation was lengthened post-sentencing:

http://www.fbi.gov/libref/factsfigure/cybercrimes.htm

(and yup, I should have written "of" instead of "in")

Microsoft Canada was sued. Microsoft Canada has since been closed and is no
longer here.

Still can't find a cite...I'd have thought a decision like that would
have been widely reported.