Slashdot Mirror

← Back to Stories (view on slashdot.org)

Crack Windows XP With... Windows 2000

Posted by timothy on from the if-you're-sitting-at-the-machine-anyhow dept.

An anonymous reader writes "According to this story seen on Brian's Buzz on Windows, access to a Windows 2000 CD is all that is needed to bypass all (well, most) Windows XP security features. An attacker can boot up XP and start the Windows 2000 Recovery Console which allows them to operate as any user, even Administrator, without requiring them to enter a password. This method even allows someone to copy files to removable media, something which normally the Administrator can't even do in the Recovery Console."

3 of 401 comments (clear)

  1. So what? by nweaver · · Score: 5, Insightful

    It is generally assumed that if you have console access to the machine, you can breach the security and acquire root. Many systems allow you to do this, deliberately.

    You can make a nice Linux boot-floopy or boot-cd to do the same thing.

    --
    Test your net with Netalyzr
    1. Re:So what? by shamilton · · Score: 5, Insightful

      This is nothing more than a red herring. If somebody has physical access to your box, then your security has been breached. Passwords aren't going to protect you from having your hard drive removed. An encrypted filesystem, however, will.

      sh

      --
      "[A] high IQ is like a Jeep; you will still get stuck, just farther from help!" --Just d' FAQs, c.g.a
  2. Different Uses by Peridriga · · Score: 5, Insightful

    I see alot of "I can boot linux into matnience mode and do whatever I want" and physical access restrictions etc...

    All true but, the application of XP was for desktop use -> Server Use. Linux (don't flame) is being primarily used for backend server systems. I don't see many secretaries choosing what boot level to start up in the morning.

    XP was supposed to provide a secure desktop enviroment for a networked organization (Enterprise Offices, Schools, Universities, Etc..)

    The fact that I can walk up to any (supposedly) secure desktop (that access isn't always tightly safegaurded) and gain Administrative Access (usually meaning also access to your entire network behind the firewall) is a big deal. Especially since it requires nothing less than the previous version of the software.

    Look more carefully at the big picture before spouting off the party line....