Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.


Welcome to AstaHost - Dear Guest , Please Register here to get Your own website. - Ask a Question / Express Opinion / Reply w/o Sign-Up!

Toggle shoutbox Shoutbox

@ agyat	:	(24 May 2013 - 05:15 PM) O Dear, Where Are You? Without Your Words This Sb Is ..
@ agyat	:	(23 May 2013 - 01:23 AM) Wow! Mr. Sb Back Home.
@ OpaQue	:	(23 May 2013 - 12:44 AM) Ting
@ OpaQue	:	(24 April 2013 - 02:44 PM) I guess, Time to run Mycent script.
@ OpaQue	:	(24 April 2013 - 02:43 PM) wow.. not much spam. except habatt posting lot of links..
@ yordan	:	(23 April 2013 - 01:04 PM) You're welcome, agyat. Nice to have been helpful. Second lesson: try full words, "you" instead of "EW".
@ agyat	:	(23 April 2013 - 05:03 AM) @YORDAN: tHANK EW FOR YOUR FIRST LESSON.
@ yordan	:	(22 April 2013 - 09:43 PM) @agyat : "why don't you help me", or "please help me", or "please teach us"
@ yordan	:	(22 April 2013 - 09:42 PM) welcome back, velma
@ velma	:	(22 April 2013 - 07:51 AM) yawns Good to be back, wonder what is going on here
@ agyat	:	(22 April 2013 - 03:50 AM) Oh! so, why don't help me learn english..
@ yordan	:	(21 April 2013 - 08:38 PM) The goal mentioned by shiu : "learning english, learning computer"
@ agyat	:	(21 April 2013 - 06:31 PM) WHAT GOAL?
@ yordan	:	(20 April 2013 - 10:39 AM) yes, that's our goal. simultaneouly learning English and teaching/learning computer using.
@ shiyu	:	(20 April 2013 - 07:30 AM) learning english,learning computer
@ yordan	:	(19 April 2013 - 01:11 PM) Oh, I see, it's just a trick in order to force people looking at your texte. Somehow smart, maybe.
@ agyat	:	(19 April 2013 - 02:54 AM) And of course I know it is not SEO friendly.
@ agyat	:	(19 April 2013 - 02:52 AM) There may be two possible answers for that .... 1) Shout was posted using mobile keypad. 2) To force people read content carefully and/or with more concentration.
@ agyat	:	(19 April 2013 - 02:49 AM) There may be two possible answers for that ....
@ yordan	:	(18 April 2013 - 09:35 PM) however, why this mixing of capital letters in the middle of your text?

Replying to Windows Xp (a Security Flaw)

Post Options

Enable emoticons?

Enter Your Name

Security Check *

[quote name="NilsC" post="11648" timestamp="1104366046"] [b][size=4][color=red]You can bypass Windows XP passwords by using a W2k boot disc![/color][/size][/b] M$ tried to make XP the securest version of Windows OS. This hole in the security are the norm not the exception! Since the flaw was found, why not use it for something. [img]http://www.astahost.com/public/style_emoticons/#EMO_DIR#/huh.png[/img] So if you are the proud owner of a w2k CD or have access to one, just pop it into the CD rom and boot the computer. Now you can go into the W2k recovery console. If you use a W2K CD on a W2K computer you need a password to start the recovery console, no such thing in XP. In recovery console you can now access all files on the computer you can copy and paste them to a disk or or other removeable media - memory stick anyone! So with unrestricted access to the computer it does not matter if you password protected the forlders any file by any owner can be accessed. This now opens the door for that same person to install programs. They can setup a backdoor program and grant themsef full access or what if a nice keystroke logger was installed. Next time they have access to the computer they can retrieve that data and get passwords you used. On a XP pro you can at least protect your files with EFS (encrypted file system) if you have installed XPP with NTFS. With XP Home you are out of luck, EFS are not enabled with the home version. If you are usig a computer in a place like a college campus, at work, for travel or at home with multiple users you can turn on 1 protection. (this works for desktops and laptops alike) [b]Turn on the [size=4][color=red]BIOS Password[/color][/size][/b] with a BIOS password in place the CD can not bypass and boot your computer. So until M$ releases a patch for this flaw, turn on BIOS password and make sure it's not the same as your regular password and store it in a secure place. Nils[/quote] [quote name="NilsC" post="11648" timestamp="1104366046"] [b][size=4][color=red]You can bypass Windows XP passwords by using a W2k boot disc![/color][/size][/b] M$ tried to make XP the securest version of Windows OS. This hole in the security are the norm not the exception! Since the flaw was found, why not use it for something. [img]http://www.astahost.com/public/style_emoticons/#EMO_DIR#/huh.png[/img] So if you are the proud owner of a w2k CD or have access to one, just pop it into the CD rom and boot the computer. Now you can go into the W2k recovery console. If you use a W2K CD on a W2K computer you need a password to start the recovery console, no such thing in XP. In recovery console you can now access all files on the computer you can copy and paste them to a disk or or other removeable media - memory stick anyone! So with unrestricted access to the computer it does not matter if you password protected the forlders any file by any owner can be accessed. This now opens the door for that same person to install programs. They can setup a backdoor program and grant themsef full access or what if a nice keystroke logger was installed. Next time they have access to the computer they can retrieve that data and get passwords you used. On a XP pro you can at least protect your files with EFS (encrypted file system) if you have installed XPP with NTFS. With XP Home you are out of luck, EFS are not enabled with the home version. If you are usig a computer in a place like a college campus, at work, for travel or at home with multiple users you can turn on 1 protection. (this works for desktops and laptops alike) [b]Turn on the [size=4][color=red]BIOS Password[/color][/size][/b] with a BIOS password in place the CD can not bypass and boot your computer. So until M$ releases a patch for this flaw, turn on BIOS password and make sure it's not the same as your regular password and store it in a secure place. Nils[/quote]

or Cancel

Topic Summary

Yes.. so what !?

Computer securety cannot protect a computer againsed anyone who has physical access.

even if you set a bios password, anyone can open up the case and flip out the battery, or shortout the CMOS jumpers.

any encrypted password can be changed with HASH INSERTION.

the hard disk can be removed, placed into anouther machine where an attacker has root access, then again, passwords changes with hash insertion.

if you need to protect your files, then encrypt your home partiton, that way, even if your computer is stolen, your data is safe.

this is basically like saying your car securety is useless againsed anyone who has your keys.

wanhafizi

Posted 02 January 2005 - 08:11 PM

protect your server?

use your bios settings;
1. set to ONLY boot from your hd;
2. set passwords for your bios.

get that? now nobody can boot your system using other boot disk/cd. it cannot be breached. the only people that can override that are the one who have physical access to the servers and able to reset the CMOS jumpers.

NilsC

Posted 01 January 2005 - 03:47 AM

I know the exploit is not a new one. I have bios password on all the xp computers at work due to this exploit.

Thanks for the link to one of the articles.

For an OS that are supposed to be security oriented I consider this a flaw. My place of work are considering removing all the cd / dvd players in user pc's and the 3.5" disks are gone in most og them also.
For a home school environment it may not be a flaw, for work it's a flaw. I can hang out after hours and hack someone elses computer ! (Wait! I can do that I"m the admin...

) As for security flaws, I hate all the messenger programs that are in use.. .

Nils

jipman

Posted 31 December 2004 - 10:24 PM

Ehm dude? I don't see the flaw? If i want to get on a NTFS partition I boot Knoppix with NTFS support, it even boots from floppy. If you have physical access to the computer and the data is NOT encrypted, chances are that 99 out of 100 times you can at least READ the data. Booting another OS would do, or the w2k boot disc.

Anyways, this so called 'exploit' was found quite a while ago.

http://www.ms-bs.com...article&sid=542

NilsC

Posted 31 December 2004 - 06:00 PM

AS for windows XP, The bootdisks purposely access the part of the drive and check if the system is accessible, and if it is, it is designed to ask for authorisation.

Do I got a point here ?
<{POST_SNAPBACK}>

I think you just said the solution, "if the system is accessible" xp does it for xp w2k does it for w2k. I have not tried the other way around.. I have a w2k server that is scheduled for a restart this weekend. I'll try to put the xp recovery disk in it to see if it bypasses the password sequence.

what is it looking at to deem it accessible? a registry key? add one for w2k. Does it check bios? I have to read up on that. I have the resource kit documentation for xp pro so maybe I can find something there.

As for a point... off course you can have a point....

Nils

OpaQue

Posted 31 December 2004 - 05:44 PM

The solution are a patch that chagnes the permission for boot disks, xp works in XP. w2k works in w2k both are password protected. There should be an easy task to add code for the xp os to prompt for a password when w2k is in the cd drive. The technology is already there to prompt for a pwd it's already working for xp

aah.. I am confused. I dont think there are any files in HDD which grant access to these CD's.. If there is, the patch is possible. But if the files on the HDD make no diffrence for the Bootdisk. The bootdisk can work its way out to the data and open the way for people to access it.

AS for windows XP, The bootdisks purposely access the part of the drive and check if the system is accessible, and if it is, it is designed to ask for authorisation.

Do I got a point here ?

NilsC

Posted 31 December 2004 - 03:05 PM

just wondering NilsC, you want to be good network admin?
<{POST_SNAPBACK}>

Do you mean here or in real life?

because that's what I do for a living...

Nils

r3d

Posted 31 December 2004 - 03:54 AM

just wondering NilsC, you want to be good network admin?

NilsC

Posted 30 December 2004 - 12:57 AM

You are right, if you pop a XP disk in the recovery console it asks for the Administrator password. Pop the W2k disk in and you start the W2k recovery console and bypass the whole XP system including passwords on files and folders.

The solution are a patch that chagnes the permission for boot disks, xp works in XP. w2k works in w2k both are password protected. There should be an easy task to add code for the xp os to prompt for a password when w2k is in the cd drive. The technology is already there to prompt for a pwd it's already working for xp.

Nils

OpaQue

Posted 30 December 2004 - 12:41 AM

Turn on the BIOS Password with a BIOS password in place the CD can not bypass and boot your computer. So until M$ releases a patch for this flaw, turn on BIOS password and make sure it's not the same as your regular password and store it in a secure place.

I wonder if Microsoft can actually release a Patch for this one.

I assume that the Boot disk does not interfere with the boot files already stored on the system. It loads up in memory seperately and accesses the drive and there is absolutely nothing between its path to stop it and ask for authorisation. And may be because of this, the other security systems except EFS failed. So until and unless those files are not encrypted, developing a patch for the above flaw is difficult.

The patch that will be released will have to protect the files compltely just like EFS. So instead of developing a new system altogether for encryption, microsoft might go with the EFS thing. So in the next patch, microsoft may decide to enable EFS for WinXP home edition which is again going to cost microsoft a lot.

Well this is only a thought..

Review the complete topic (launches new window)