Computer news, reviews, humor, and practical information, for better or for worse, from a computer technician's on-the-job experiences.
Windows XP Passwords Rendered Useless

A new vulnerability has been discovered that would allow anyone with access to a computer running Windows XP to bypass the password security and gain unfettered access to the hard drive.

- Anyone with a Windows 2000 CD can boot up a Windows XP box and start the Windows 2000 Recovery Console, a troubleshooting program.
- Windows XP then allows the visitor to operate as Administrator without a password, even if the Administrator account has a strong password.
- The visitor can also operate in any of the other user accounts that may be present on the XP machine, even if those accounts have passwords.
- Unbelievably, the visitor can copy files from the hard disk to a floppy disk or other removable media - something even an Administrator is normally prevented from doing when using the Recovery Console.
While one does need physical access to the machine to exploit the flaw, this will be little comfort to the administrators of academic computer laboratories and other facilities where users can easily pop a CD-ROM into a computer.
Several Microsoft executives have reportedly been notified of the vulnerability, but no response has been made. Read about Microsoft's Trustworthy Computing Initiative.
Solution: Kiosks, machines in academic environments, etc., should at least be secured by changing the boot sequence to disallow booting from CD or floppy, and then setting a BIOS-level password so the boot sequence cannot be changed back. Super paranoid: put a lock on the computer case, use NTFS 5.1 and encrypt the file system.
Source: Brian's Buzz on Windows