NilsC
Dec 30 2004, 12:20 AM
You can bypass Windows XP passwords by using a W2k boot disc!M$ tried to make XP the securest version of Windows OS. This hole in the security are the norm not the exception! Since the flaw was found, why not use it for something.  So if you are the proud owner of a w2k CD or have access to one, just pop it into the CD rom and boot the computer. Now you can go into the W2k recovery console. If you use a W2K CD on a W2K computer you need a password to start the recovery console, no such thing in XP. In recovery console you can now access all files on the computer you can copy and paste them to a disk or or other removeable media - memory stick anyone! So with unrestricted access to the computer it does not matter if you password protected the forlders any file by any owner can be accessed. This now opens the door for that same person to install programs. They can setup a backdoor program and grant themsef full access or what if a nice keystroke logger was installed. Next time they have access to the computer they can retrieve that data and get passwords you used. On a XP pro you can at least protect your files with EFS (encrypted file system) if you have installed XPP with NTFS. With XP Home you are out of luck, EFS are not enabled with the home version. If you are usig a computer in a place like a college campus, at work, for travel or at home with multiple users you can turn on 1 protection. (this works for desktops and laptops alike) Turn on the BIOS Password with a BIOS password in place the CD can not bypass and boot your computer. So until M$ releases a patch for this flaw, turn on BIOS password and make sure it's not the same as your regular password and store it in a secure place. Nils
Comment/Reply (w/o sign-up)
OpaQue
Dec 30 2004, 12:41 AM
QUOTE Turn on the BIOS Password with a BIOS password in place the CD can not bypass and boot your computer. So until M$ releases a patch for this flaw, turn on BIOS password and make sure it's not the same as your regular password and store it in a secure place. I wonder if Microsoft can actually release a Patch for this one. I assume that the Boot disk does not interfere with the boot files already stored on the system. It loads up in memory seperately and accesses the drive and there is absolutely nothing between its path to stop it and ask for authorisation. And may be because of this, the other security systems except EFS failed. So until and unless those files are not encrypted, developing a patch for the above flaw is difficult. The patch that will be released will have to protect the files compltely just like EFS. So instead of developing a new system altogether for encryption, microsoft might go with the EFS thing. So in the next patch, microsoft may decide to enable EFS for WinXP home edition which is again going to cost microsoft a lot. Well this is only a thought..
Comment/Reply (w/o sign-up)
NilsC
Dec 30 2004, 12:57 AM
You are right, if you pop a XP disk in the recovery console it asks for the Administrator password. Pop the W2k disk in and you start the W2k recovery console and bypass the whole XP system including passwords on files and folders. The solution are a patch that chagnes the permission for boot disks, xp works in XP. w2k works in w2k both are password protected. There should be an easy task to add code for the xp os to prompt for a password when w2k is in the cd drive. The technology is already there to prompt for a pwd it's already working for xp. Nils
Comment/Reply (w/o sign-up)
r3d
Dec 31 2004, 03:54 AM
just wondering NilsC, you want to be good network admin?
Comment/Reply (w/o sign-up)
NilsC
Dec 31 2004, 03:05 PM
QUOTE (r3d @ Dec 30 2004, 10:54 PM) just wondering NilsC, you want to be good network admin? Do you mean here or in real life? because that's what I do for a living... Nils
Comment/Reply (w/o sign-up)
OpaQue
Dec 31 2004, 05:44 PM
QUOTE The solution are a patch that chagnes the permission for boot disks, xp works in XP. w2k works in w2k both are password protected. There should be an easy task to add code for the xp os to prompt for a password when w2k is in the cd drive. The technology is already there to prompt for a pwd it's already working for xp aah.. I am confused. I dont think there are any files in HDD which grant access to these CD's.. If there is, the patch is possible. But if the files on the HDD make no diffrence for the Bootdisk. The bootdisk can work its way out to the data and open the way for people to access it. AS for windows XP, The bootdisks purposely access the part of the drive and check if the system is accessible, and if it is, it is designed to ask for authorisation. Do I got a point here ?
Comment/Reply (w/o sign-up)
NilsC
Dec 31 2004, 06:00 PM
QUOTE (OpaQue @ Dec 31 2004, 12:44 PM) AS for windows XP, The bootdisks purposely access the part of the drive and check if the system is accessible, and if it is, it is designed to ask for authorisation. Do I got a point here ? I think you just said the solution, "if the system is accessible" xp does it for xp w2k does it for w2k. I have not tried the other way around.. I have a w2k server that is scheduled for a restart this weekend. I'll try to put the xp recovery disk in it to see if it bypasses the password sequence. what is it looking at to deem it accessible? a registry key? add one for w2k. Does it check bios? I have to read up on that. I have the resource kit documentation for xp pro so maybe I can find something there. As for a point... off course you can have a point.... Nils
Comment/Reply (w/o sign-up)
jipman
Dec 31 2004, 10:24 PM
Ehm dude? I don't see the flaw? If i want to get on a NTFS partition I boot Knoppix with NTFS support, it even boots from floppy. If you have physical access to the computer and the data is NOT encrypted, chances are that 99 out of 100 times you can at least READ the data. Booting another OS would do, or the w2k boot disc. Anyways, this so called 'exploit' was found quite a while ago. http://www.ms-bs.com/modules.php?name=News...article&sid=542
Comment/Reply (w/o sign-up)
NilsC
Jan 1 2005, 03:47 AM
 I know the exploit is not a new one. I have bios password on all the xp computers at work due to this exploit. Thanks for the link to one of the articles. For an OS that are supposed to be security oriented I consider this a flaw. My place of work are considering removing all the cd / dvd players in user pc's and the 3.5" disks are gone in most og them also. For a home school environment it may not be a flaw, for work it's a flaw. I can hang out after hours and hack someone elses computer ! (Wait! I can do that I"m the admin... ) As for security flaws, I hate all the messenger programs that are in use.. . Nils
Comment/Reply (w/o sign-up)
wanhafizi
Jan 2 2005, 08:11 PM
protect your server? use your bios settings; 1. set to ONLY boot from your hd; 2. set passwords for your bios. get that? now nobody can boot your system using other boot disk/cd. it cannot be breached. the only people that can override that are the one who have physical access to the servers and able to reset the CMOS jumpers.
Comment/Reply (w/o sign-up)
Similar Topics
Keywords : windows, xp, security, flaw, protect, computer, multi, user
- What Do You Guys Think Of Windows 7?
The 'WoW' Starts 'NoW' (32)
Windows Black Edition
(13) Which version of windows is microsoft releasing after Vista?I heard that it is releasing microsoft
windows black /. Does anybody know about it?....
Disable Annoying Information Bar In Ie
"Your current security settings put your computer at risk" (15) Ever since Microsoft released SP2 I got realy annoyed by the fact the every single click has to be
verified because the operating system thinks you are stiill a noob. One of the more annoying
"features" is that windows asks everytime I want to open an executable that I downloaded or I want
to run over the network. Strange enough, this is not a windows-feature but an Internet Explroer
feature, so this is the place where we have to disable this. Now, because Internet Explorer thinks
mallware has changed this setting, it warns you in internet explorer with an message in the....
User Account Control
(22) I'm sure most of you know about Windows Vista's User Account Control. I was wondering if
there were any registry settings or anything that I could modify to force the UAC prompt to appear
when doing these tasks: Clicking the Start button Opening any folder Launching any application
Adjusting personalization settings Opening a new page in Internet Explorer (by that I mean typing
in a URL, from Favourites or by clicking a link) Turning off, sleep or restarting the computer
Modifying the Windows Sidebar Opening any file (mp3, document, anything) There's....
Windows 7
(14) when will microsoft release windows7? does it have any cool features or new feature? can anyone tell
me more about this ? thanks.......
Windows Xp Service Pack 3 - Updates
(12) its been a couple or more year, Microsoft haven't release a 3rd version of their service pack,
for Micorsoft's Windows XP. In the late 2007, Microsoft had announce of the release of their
Service Pack 3 for Microsoft Windows XP. Windows XP Service Pack 3 (SP3) is currently in
development. As of January 2008, Microsoft's web site indicates a "preliminary" release date to
be in the first half of 2008.A feature set overview has been posted by Microsof and details new
features available separately as standalone updates to Windows XP, as well as features backpor....
How To Login To An Expired Windows Vista System
based on How To Login To An Expired Windows Xp System (2) I just read How To Login To An Expired Windows Xp System . This gave me a nice Windows Vista
mini-tutorial. Notice!!! I'm not advertising piracy!! It's just a matter of having
the rights to access your files, and it doesn't approve that it restores the full function of
Windows Vista, and besides How To Login To An Expired Windows Vista System 1) Login until you go
unto the windows where it says that the Windows has expired. 2) Click on the purchase new serial
key. (yehey!!! /smile.gif" style="vertical-align:middle" emoid=":)" border="0" alt="s....
Windows 98 Transfer
Just plug it in? (5) Ok as the other topic said, I am planning to purchase a new computer sometime soon. We have Windows
98 on the old machine and I don't want to throw it out just yet. I need Internet Explorer 6/5.5
for web page testing and obviously I can't run both Windows Internet Explorer 7 and 6 on Windows
XP. So I am planning to transfer the entire hard drive over to the new system. A few issues though:
Will Windows 98 with such "powerful" components? System has 512MB RAM, Intel Pentium 4 3GHz
processor, 7.1 sound card, integrated video card and DVD+RW burner are the main com....
User Account Control!
Help turn it off! (8) Does anyone know how to turn the user account control off? It's really annoying and it pretty
much comes up every time i try to use a windows program. I tried to contact microsoft support about
this but all they could respond with was, "we dont know what your trying to ask us". I'm pretty
sure it's going to be a registry hack or one in the control panel ->admin tools...please help me
on this asap! Thanks, Mike....
Windows Vista Is Awesome!
I've recently got Windows Vista and I've had very few problems (26) ATTENTION ALL READERS! WINDOWS VISTA IS AWESOME - I REPEAT - WINDOWS VISTA IS AWESOME! I think
Windows Vista is an incredibly good operating system which allows you to do so much more than XP.
The new look, design, simplicity, controls and layout are all fantastic. I've got a clock and a
calendar on the right hand side of my desktop and all my icons easier and clearer to recognise. It
takes under 5 seconds to log in and the graphics are just great. I've got Windows Vista Home
Premium and as long as I install the compatible drivers, all the software works! I'....
How To Login To An Expired Windows Xp System
(18) Disclaimer from the site: QUOTE Disclaimer: I do not applaud piracy, but I do feel people
should have access to their personal files, regardless of whether Windows has expired or not. This
tutorial should not be used to bypass Windows Activation, nor does it restore full Windows
functionality, but I provide it to those who are in desperate need of accessing files that are
suddenly lost to them through the Microsoft Genuine Advantage activation system. I just
came across this interesting tutorial. By now, everyone is familiar with Windows XP's....
Deleting A Corrupt File
Cannot delete a corrupt file on Windows XP... (31) I was upgrading some software and came across a corrupt file that halted the installation process. I
went to see what was wrong with the file, and failed to manually delete it. I tried moving
(cut&paste) it to another location, and the installation succeeded. However, the file is still on my
drive, taking up a KB of space. I know that's not a lot, but where am I supposed to put it? In a
folder created especially for all the corrupt files on my computer? /blink.gif"
style="vertical-align:middle" emoid=":blink:" border="0" alt="blink.gif" /> I've heard
something....
Lock Workstation Shortcut
How to make a shortcut to lock your windows computer (11) 1) Right click on desktop and select add new shortcut 2) In the 'Type Location of the item:'
box type or copy %windir%\System32\rundll32.exe user32.dll,LockWorkStation then click 'next'
3) In the 'Type a name for this shortcut:' box type or copy "Lock Workstation" and click
'Finish' 4) Now if you would like go to properties and Change Icon browse to:
%SystemRoot%\explorer.exe and I use the red circle with the white x ....
Windows XP Folder Encryption Key ?
Where is the Windows XP encryption Key saved. (15) Does any one know where is the encryption key in Windows XP stored. In other words how can one get
encryption key. Or how to retrive the data without the encrytion key. By encrypting a file or
folder, we are converting it to a format that can't be read by other people. A file encryption
key is added to files or folders that you choose to encrypt. This key is needed to read the file.
....
Downgrade Windows MCE To XP?
(9) Is it possible to downgrade a Windows Media Center Edition computer to use Windows XP instead?
Someone is having so much problems with this machine and I think it's the Operating System
causing the problem. I told her to reinstall Windows MCE, but I don't think they gave her any
Windows CDs. I think she got it burned from a recovery partition after I told her to look for one.
But that doesn't seem to work. So I'm thinking of downgrading to XP as a possible solution.
Isn't Windows MCE very similar to Windows XP, aside from the extra media features? Th....
Windows Xp Bsod Troubles
(5) Our family computer is running Windows XP Home SP2 with all the latest updates installed and we
constantly get Blue Screens of Death. The most common is DRIVER_IRQL_NOT_EQUAL_OR_LESS in NDIS.sys
and portcls.sys. I have googled this many times and found nothing to help but I have heard the two
files are for the network card and sound card respectively. The computer has the following specs:
- Intel Pentium 4 3.0GHz - Gigabyte 85661FXMP-RZ motherboard with Award v. 6.0 BIOS - NIVIDIA
GeForce FX 5200 - No idea what the network card and sound cards are but we use the net....
Can You Create A Folder Name "con"
Is it possible to create a folder named "CON" in Windows? (21) I tried in both Windows XP Home and Professional. If you try to make a folder named "CON" Windows XP
renames it back to what it was. So creating a new folder with the name "CON" just renames it to "New
Folder". The bug seems like a variable that got treated as a string or vice-versa. Trying to create
the folder from a cmd prompt failed with an error "The directory name is invalid.". This also works
when you try to create a file called "CON", or "CON.". ".CON" shows up the way it should. Somewhere
I found the reason that CON stands for CONsole which is device name but....
The Best Version Of Windows
(51) With all the different flavors of Windows, what in your opinion is the best version? Win95, Win98,
Win98SE, WinNT, Win2000, WinXP, Vista, and even remember Windows 3.1? I hear that hardcore Windows
users are in love with Win98SE for some reason? Is there any justification behind this? I mean
this is a version of Windows that is definitely not supported anymore, but is the security and
stability of this version that much better where it doesn't need support? Personally, I really
like Win2000 over any other version. It seems more secure and stable, and I'm pr....
Windows Problems "new Series"- Xp Home Edition Activation Issue
(7) i never used Windows XP Home edition before, in these days i have no way to use it on my work pc,
have no profissional edition and i don't want to buy one, in fact i hate windows at all, i use
linux and it's so good and enough to me, but i must use it noway. after i installed it, it asked
me to activate it, i went into the activation process, finally it told me to call any microsoft
products reseller or something like that to provide me with a new product number as they say in that
message: QUOTE According to our records, the number of times you can activ....
Help: Adding My Videos Folder To Start Menu
Windows XP Only (12) Okay, I am halfway to being able to add the My Videos Folder (the only of the special My folder I
really use) to the start panel. For those of you who don't know what I am talking about, make
sure you have the new XP start menu not classic, then open your start menu. The right side is the
start panel, and it should have links to things like My Documents, My Music, My Computer, etc. The
only one you can't add to it (you add features to it from the properties page) is the My Videos
File. No, my method: 1) Knowing Windows as well as I do, first thing after ex....
Using Same Serial # On Multiple Copies Of Windows
(31) I heard it is possible to run more than one computers on the same serial of Windows. I also heard
that it can be registered and use all the functions of any legal copy of Windows. Lets say I have 4
computers in my house and don't want to pay $800 for windows on each one if I build them all
myself. I can just put same serial on all of them. But I heard this is also breaking the EULA
agreement with Microsoft which redeems this being illegal or improper use of windows. I would like
to hear your sides on this, or the whole truth behind this. If so does this mean somebody....
Chmoding On Windows (apache) ? Howto ?
(5) Hi, I've recently installed Apache 1.3.34 on my Windows XP machine. Does anyone know how to CMOD
files to specific values? I've read somewhere that if you set the file to 'readable'
that is the equivalent of CHMODing it to 777...is this true? By the way, sorry if this is in the
wrong forum section. I wasn't really sure where to put this.....
Unfreezing Your Computer
(15) Okay, you know when your computer freezes, and you can't unfreeze it? I have found 2 ways to
solve this issue: 1. When your computer freezes, press *AT THE SAME TIME*
ctrl + alt + delete = unfroze computer! 2. Or, if your computer has a restart button, press it to
restart you comp. You may lose you info, but it happens to everybody. /sad.gif' border='0'
style='vertical-align:middle' alt='sad.gif' /> -----Not enough information to be considered a
tutorial. Moved from to -----szupie ....
How To Create "ghost" Images (norton) On Windows
(53) Hi, I'm tired of wasting so much time on a site when I have to reinstall Windows from scratch.
Want to speed up the process a little since I have to install Windows XP, any Service Packs, Norton
Antivirus and Microsoft AntiSpyware for the computers. I want to create images of good working
Window states, but have some questions. 1. How much faster would this be compared to reinstalling
everything manually? I will be doing this from an external hard drive. 2. What are the chances of
an image not working assuming that the image created is good? I heard that these ....
Command Line (dos) Tips For Windows Xp
(7) Windows XP cmd tip (DOS isn’t dead... it just smells funny) Some command-line folder creation
examples: To create multiple folders at once, add them directly to the "md" command: C:\> md this
is a test To create a folder several folders deep, use: C:\> md this\is\a\test Creating a folder
with a long name requires the double-quote at the beginning: C:\> md "this is a test Bonus tip:
Windows XP supports the forward slash "/" as a folder divider. Unix/Linux users: don't let the
DOS environment get you down. Use a Unix-style CD command to change your present worki....
How To Repair Disk Errors And Bad Sectors
Windows Xp,2000,Nt (5) How to repair disk errors and bad sectors in Windows Xp,2000,NT You can use Windows Disk Manager
tool to check for file system errors and bad sectors on your hard disk. To check your drives:
1- right click on drive and click Properties 2- click Tools tab and under Error-checking, click
Check Now 3- in dialog box select the Automatically fix file system errors or/and Scan for and
attempt recovery of bad sectors check box Automatically fix file system errors ....
Where Does Windows Xp Store Its Passwords ?
(18) Is thre a file where password information is kept in windows XP? If so what is it's name and
where is it located?....
A Note To All Illegal Windows Xp Owners
(54) Hi, all illegal Windows XP users WILL NOT be able to download any updates or software from Microsoft
website. Automatic Updates will no longer work, because Microsoft will have to ask for your Software
identification.....
How To Increase Windows Shutdown Speed
when you enabled “clear Page File at shu (45) How to increase Windows shutdown speed when you enabled “clear Page File at shutdown”? /blink.gif"
style="vertical-align:middle" emoid=":blink:" border="0" alt="blink.gif" /> Note that making
incorrectly changes to the registry may damage your system; please back up any valued data on your
computer. 1) Go to Start menu > Run > and type regedit and click OK. 2) Find following address:
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \Session Manager \ Memory Management
3) In right side right click on “ClearPageFileAtShutdown”, select Modify and make value of ....
Windows Not Recognizing Ipod
(33) OK, I'm running Windows XP and my iPod is not detected when I plug it in. The only things that
I could guess are wrong are that I recently had a trojan, known as BackDoor-AWI and that my router
flaked out and I have no internet on the computer in question now. I'm not sure what happened,
but for some reason, McAfee is telling me that it's all screwed up on startup. So it's not
even running anymore. My computer does recognize USB keys, but will not see my iPod for some
reason. Any ideas?....
Looking for windows, xp, security, flaw, protect, computer, multi, user
|
See Also,
*SIMILAR VIDEOS*
Searching Video's for windows, xp, security, flaw, protect, computer, multi, user
|
advertisement
|
|
