Slashdot Mirror


Aging Security Vulnerability Still Allows PC Takeover

Jackson writes "Adam Boileau, a security consultant based in New Zealand has released a tool that can unlock Windows computers in seconds without the need for a password. By connecting a Linux machine to a Firewire port on the target machine, the tool can then modify Windows' password protection code and render it ineffective. Boileau said he did not release the tool publicly in 2006 because 'Microsoft was a little cagey about exactly whether Firewire memory access was a real security issue or not and we didn't want to cause any real trouble'. But now that a couple of years have passed and the issue has not resolved, Boileau decided to release the tool on his website."

4 of 282 comments (clear)

  1. Breathtaking Arrogance or Stupidity? by allcar · · Score: -1, Troll

    For Microsoft to have failed to patch an issue such as this must be indicative of either breathtaking arrogance or utter stupidity... or perhaps both. Which is it?

    1. Re:Breathtaking Arrogance or Stupidity? by mumblestheclown · · Score: 0, Troll

      What, expecting to be modded up for such "wisdom"?

  2. wow...amazing....*yawn* by Anonymous Coward · · Score: -1, Troll

    And what stops someone from doing the same thing against Linux? Nothing. OMG linucks developers haven't fixed this critical issue in years. Stop the presses! These awful arrogant linucks developers. I 3 stories by idiots who don't know what they're talking about.

  3. The REAL question is... by 93+Escort+Wagon · · Score: 0, Troll

    ... whether on not Microsoft will include this demonstrated vulnerability the next time they calculate the average time security vulnerabilities remain unpatched on Windows versus Linux.

    Wait, I forgot - they only include the vulnerabilities they've acknowledged.

    --
    #DeleteChrome