Crack Windows XP With... Windows 2000
An anonymous reader writes "According to this story seen on Brian's Buzz on Windows, access to a Windows 2000 CD is all that is needed to bypass all (well, most) Windows XP security features. An attacker can boot up XP and start the Windows 2000 Recovery Console which allows them to operate as any user, even Administrator, without requiring them to enter a password. This method even allows someone to copy files to removable media, something which normally the Administrator can't even do in the Recovery Console."
I have to agree with Microsoft that if the bad guys have physical access to your computer you have some serious problems. However, let's note this scenario.
1. Important computer. Locked down
2. Bad employee, always has to computer for job.
3. Employee "works late" one night
4. Employee brings in Win2K CD
5. Employee hijacks data to floppy unlogged
6. Employee blackmails company or other bad things
I am just amazed that what was secure in 2000 is less secure in XP.
Good ol', silly Microsoft.
This isn't one of them. If I have access to a box physically, I can destroy all of the content with a sledgehammer. I can also mount any partition for any operating system and start messing around. Ever tried booting into rescue mode in Windows? That works too. Use digital security means for digital access, physical means for physical access. That means a security guard and at the very least lock and key.
Slashdot: Where people pretend to be twice as smart as they really are by behaving like children.
Although I originally thought "well hey, if your data center isn't secure, and you can't trust your operators, well, you're hosed!"
But then I got to thinking about this a little bit more. Microsoft's primary customer is the one that doesn't have a secure data center. Additionally, it's not out of the ordinary to reboot Windows XP computers.
Just think... I run a small business (about 10 people) and I electronically secure my XP server the best I can.
Then the secretary calls and says "oh, I just installed XYZ for you, so I rebooted the server". OK, no big deal.... that happens all the time.
But THEN, instead of simply rebooting, he manages to steal all of my corporate data...
Ouch!
So those who live in the datacenter might see this as a problem that we solve with physical security. But for the regular small XP shop, well, you just can't have physical security without spending $$$.
Of course, in my shop, we reboot on average once or twice a year. So it's a little harder to reboot with the goal of ripping data. Then again, our operators have root access...
Or just get this ISO and boot, WHAMMO instant access, and it is 100% free, unlike the Windows 2000 CD:
http://www.knopper.net/knoppix/index-en.html
In Linux (also in win) you have many different ways to protect your partitions:
http://koeln.ccc.de/archiv/drt/crypto/linux-disk.html
I think that the difference is important; in Linux everybody knows the way to mount partitions and retrieve/change the info inside them. In Windows it's supposed you can't do that.
Well if you go local access then I can install a keylogger or change passwords or create users that can get net access on the next reboot. Once you got local the network isn't far behind.
Not that most Linux boxes are any better. Most can be breached with a floppy.
Slashdot, home of supporters of free software, free music, and free speech. Except for Moderators that disagree with you.
Why is the /home/ filesystem not by default encrypted with the users' passwords?
This wouldn't be a bad idea if we made use of the chattr option to set the encryption bit for files or directories. This could be set as default for the user's home directory and could be toggled off for non-sensitive material.
I see a HOWTO brewing...
Windows 2000, of course, doesn't allow Recovery Console users to access a hard drive without a password, if one previously existed.
Omnes arx vestrum sunt adiuncta nobis.