Attonbitus Deus <[EMAIL PROTECTED]> writes:
> > Considering how frequently most people tend to reuse passwords, this is
> > a pretty strong statement.  Since Microsoft states that the folder
> > password is "not related in any way to the user's network logon
> > password" with such confidence, that would seem to imply a mechanism
> > that prohibits password reuse when establishing the folder compression
> > password.
>
> What would you have them say? "... the folder password is not related in any
> way to the user's network logon, unless of course they use the same
> password, which technically would still be unrelated, but stupid.  It is
> also not related to the users' ATM PIN number, unless of course they use
> their PIN as their password which would again be unrelated, but even more
> stupid."

Their ATM PIN number has nothing to do with Windows.  Not so for their logon
password.

I think the point is that "not related in any way" is an overstatement.
Microsoft loves to use phrasing like that in their security bulletins to try
to minimize perceived severity (like how they'll always say "allows
attackers to view BUT NOT CHANGE any file on the local machine").

They should have just said something like "The password at issue here is
distinct from the user's network logon password."

----------------------------------------------------------------------
Dan Harkless                   | To prevent SPAM contamination, please
[EMAIL PROTECTED]  | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts.  Thank you.
