Page 3 of 3 FirstFirst 123
Results 21 to 25 of 25

Thread: Windows XP Login Hack

  1. #21
    Senior Member faust's Avatar
    Join Date
    Oct 2001
    Location
    Chicagoland/Murphysboro
    Posts
    105
    Plug an iPod or USB stick into a PC running Windows and the device can literally take over the machine and search for confidential documents, copy them back to the iPod or USB's internal storage, and hide them as "deleted" files. Alternatively, the device can simply plant spyware, or even compromise the operating system. Two features that make this possible are the Windows AutoRun facility and the ability of peripherals to use something called direct memory access (DMA). The first attack vector you can and should plug; the second vector is the result of a design flaw that's likely to be with us for many years to come.

    http://www.schneier.com/blog/archive...g_compute.html

  2. #22
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Ehhmmm... USB doesn't use DMA. Firewire does..

    Autorun doesn't work when the machine is locked.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #23
    Senior Member
    Join Date
    Aug 2006
    Location
    India
    Posts
    289
    WEll, I think faust's reply is completely out of topic.
    "Everything should be made as simple as possible, but not simpler."

    - Albert Einstein

  4. #24
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    The most vulnerable thing with any computer is the person sitting in front of it.

    I can't see how not putting a password on the Administrator account can be seen as a vulnerability.

    It comes down to user error in my eyes......if you don't put a password on an account then what is to stop someone logging on with it? Nothing.

    I can understand MS not shipping it with a password - as it would have to be the same default password on every installation, which is tantamount to not having a password in the first place.

    If they used different password, then not only would it be an administrative nightmare, they would also have some pissed off dumb users who couldn't work out what the password is.

    Agreed they should force a user to initially set a password in XP home (XP Pro does prompt for one) but residential users don't like being forced to do anything and MS is at the end of a day a business like any other and needs to keep their home user customer base happy.
    Last edited by Nokia; June 20th, 2007 at 02:08 PM.

  5. #25
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    I think that faust's underlying concept is that if you don't have physical security then you can be owned?

    I can understand MS not shipping it with a password - as it would have to be the same default password on every installation, which is tantamount to not having a password in the first place.
    That is very true, but I do agree that home editions should at least prompt for a password and let the user decide.

    Agreed they should force a user to initially set a password in XP home (XP Pro does prompt for one) but residential users don't like being forced to do anything and MS is at the end of a day a business like any other and needs to keep their home user customer base happy.
    Yes, the approach is consistent with earlier domestic versions of Windows, but domestic computers are now at much more of a risk than they were back then.

Similar Threads

  1. Copying updates
    By Cider in forum Operating Systems
    Replies: 10
    Last Post: March 21st, 2006, 09:30 PM
  2. Windows 2000 Tips
    By Nokia in forum Tips and Tricks
    Replies: 0
    Last Post: June 12th, 2004, 05:13 PM
  3. OSs: What're they all about?
    By Jehnny in forum Other Tutorials Forum
    Replies: 1
    Last Post: November 15th, 2003, 02:49 AM
  4. Windows Registry Giude
    By Ennis in forum Other Tutorials Forum
    Replies: 10
    Last Post: June 16th, 2002, 07:19 PM
  5. OS History and other info.
    By Remote_Access_ in forum Security Archives
    Replies: 9
    Last Post: January 12th, 2002, 03:02 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •