By www.microsoft.com
The information in this article applies to: 
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
This article was previously published under Q223301 
SUMMARY
This article discusses the security of the offline Security Accounts Manager (SAM) and the accounts in it.

Well Psychotic wrote one of the most helpful unix text files in cyberspace but with the mail that we recieved after the release of our famous 36 page Unix Bible we realised that unix isn't for everybody so we decided that we should write on another aspect of hacking..... Virtual Circuit and Psychotic is proud to release, "Hacking Webpages With a few Other Techniques." We will discuss a few various ways of hacking webpages and getting root. We are also going to interview and question other REAL hackers on the subjects.

By astalavista.net

The HTTP 1.x protocol has a built in mechanism for requiring a valid username/ password to gain access to web resources. This mechanism is known as HTTP Authentication and can be initiated by either a CGI script or by the web server itself.

By SLy FoX Another tutorial by the SLy FoX.If u have any questions u can   ask me at (no flames) This e-mail address is being protected from spambots. You need JavaScript enabled to view it .

If u have to always click on the right arrow button at he bottom of your page because the tutorial keeps going of the page,and u find this time wasting u   can click on edit and then WORD WRAP   and your problem will be solved.

By security-protocols.com

Article pulled from Security-Protocols

Until a few years ago Internet security wasn't even recognized as a need. The culture of the Internet encouraged the sharing of data and ideas; the common goals of Internet users made boundaries and restrictions unnecessary--or so it seemed to many at the time.

© 2001 International Business Machines Corporation. All rights reserved.

Reprinted with permission from DB2 Magazine .

Let's face it: The topic of database security just doesn't turn heads the way benchmarking world records and reports of ever-shorter downtimes do. When was the last time you read a scintillating article about security tokens and encryption? But security breaches do turn heads - and can undermine customer confidence, as last year's well-publicized thefts of credit card numbers from a few e-businesses showed. Even if it's not the most exciting topic, security is a vital consideration for any business that uses a database management system. And, as more businesses participate in the e-space, it becomes particularly important to separate private from public data.

Author: beardednose
As more companies are deploying the multifunctional copier/printer/fax/ftp/email machines, they are leaving themselves open to attack. 
General multi-functional security issues
One of the issues that spans most of these types of machines across the manufacturers is that the audit trails are almost non-existent. In other words, you can ftp or email any document you want across the Internet (to a competitor or other evil-intentioned folk) without a full audit trail. Most of the machines will provide the ftp site or email address that the message was sent to, but the sender is not identified. A couple of manufacturers allow you to assign everyone a user ID code (usually 3 or 4 digits) that you have to enter to send anything, but I haven't seen this implemented at any of the companies I've visited.

In the field of computer forensics as in the field of law, procedures in criminal cases differ somewhat from those in criminal cases. The collection of data and presentation of evidence may be held to different standards, the process of data collection and imaging can be quite different, and the consequences of the case may have very different impacts.

By The Infinity Concept Issue II Ok.....

You've been at it for all night. Trying all the exploits you can think of. The system seems tight. The system looks tight.

The system *is* tight. You've tried everything. Default passwds, guessable passwds, NIS weaknesses, NFS holes, incorrect permissions, race conditions, SUID exploits, Sendmail bugs, and so on... Nothing. WAIT! What's that!?!? A "#" ???? Finally! After seeming endless toiling, you've managed to steal root. Now what? How do you hold onto this precious super-user privilege you have worked so hard to achieve....?

By This e-mail address is being protected from spambots. You need JavaScript enabled to view it

This e-mail address is being protected from spambots. You need JavaScript enabled to view it '; document.write( '' ); document.write( addy_text77036 ); document.write( '<\/a>' ); //-->\n This e-mail address is being protected from spambots. You need JavaScript enabled to view it - the dangers of ftp conversions on misconfigured systems/ftpd (specifically wu-ftpd)