-
June 17th, 2007, 09:33 AM
#21
Plug an iPod or USB stick into a PC running Windows and the device can literally take over the machine and search for confidential documents, copy them back to the iPod or USB's internal storage, and hide them as "deleted" files. Alternatively, the device can simply plant spyware, or even compromise the operating system. Two features that make this possible are the Windows AutoRun facility and the ability of peripherals to use something called direct memory access (DMA). The first attack vector you can and should plug; the second vector is the result of a design flaw that's likely to be with us for many years to come.
http://www.schneier.com/blog/archive...g_compute.html
-
June 19th, 2007, 09:57 AM
#22
Ehhmmm... USB doesn't use DMA. Firewire does..
Autorun doesn't work when the machine is locked.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
June 19th, 2007, 10:27 AM
#23
WEll, I think faust's reply is completely out of topic.
"Everything should be made as simple as possible, but not simpler."
- Albert Einstein
-
June 20th, 2007, 02:04 PM
#24
The most vulnerable thing with any computer is the person sitting in front of it.
I can't see how not putting a password on the Administrator account can be seen as a vulnerability.
It comes down to user error in my eyes......if you don't put a password on an account then what is to stop someone logging on with it? Nothing.
I can understand MS not shipping it with a password - as it would have to be the same default password on every installation, which is tantamount to not having a password in the first place.
If they used different password, then not only would it be an administrative nightmare, they would also have some pissed off dumb users who couldn't work out what the password is.
Agreed they should force a user to initially set a password in XP home (XP Pro does prompt for one) but residential users don't like being forced to do anything and MS is at the end of a day a business like any other and needs to keep their home user customer base happy.
Last edited by Nokia; June 20th, 2007 at 02:08 PM.
-
June 20th, 2007, 03:09 PM
#25
I think that faust's underlying concept is that if you don't have physical security then you can be owned?
I can understand MS not shipping it with a password - as it would have to be the same default password on every installation, which is tantamount to not having a password in the first place.
That is very true, but I do agree that home editions should at least prompt for a password and let the user decide.
Agreed they should force a user to initially set a password in XP home (XP Pro does prompt for one) but residential users don't like being forced to do anything and MS is at the end of a day a business like any other and needs to keep their home user customer base happy.
Yes, the approach is consistent with earlier domestic versions of Windows, but domestic computers are now at much more of a risk than they were back then.
Similar Threads
-
By Cider in forum Operating Systems
Replies: 10
Last Post: March 21st, 2006, 09:30 PM
-
By Nokia in forum Tips and Tricks
Replies: 0
Last Post: June 12th, 2004, 05:13 PM
-
By Jehnny in forum Other Tutorials Forum
Replies: 1
Last Post: November 15th, 2003, 02:49 AM
-
By Ennis in forum Other Tutorials Forum
Replies: 10
Last Post: June 16th, 2002, 07:19 PM
-
By Remote_Access_ in forum Security Archives
Replies: 9
Last Post: January 12th, 2002, 03:02 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|