Windows 95 has two file access control methods, shared
and user. User mode requires an NT or Linux server which will allow
a user to logon to a "domain". Share mode only requires (optionally)
passwords given on each resource to be shared.
Microsoft Networking can be bound to tcp/ip, IPX or
NetBEUI. If a binding to tcp/ip is present, then any
computer on the net can ask the PC for a list of shares.
If the Windows directory is shared readable without a password,
the system registry file system.dat may be read. This
contains all the passwords for resource sharing coded in a simplistic
manner. Apart from network access, anyone with physical access to
the PC may copy this information.
Do NOT use a share "password" for anything else whatsoever (Unix, VMS,
NT logon, PPP etc.!
Users should try to avoid this situation by
Not binding tcp/ip to Microsoft networking
Not sharing \WINDOWS without a password
Click here to see what this server knows about
your smb shares.
PWL files
Windows password files (PWL), used for storing a wide variety
of passwords, including Website ones under IE, and anything for which you
didn't uncheck the "Save this password in your config" box,
appear to be safe for current (1997) Win95. However, there is a
password cracker for some early versions of Win95. That's not to say that
a tool might not appear which can crack the current PWL encryption,
by e.g. a dictionary attack. See the
passwords page for more information.