Gaining System-Level Access To Vista
An anonymous reader writes "This video shows a method by which a user can use a Linux distro called BackTrack to gain system access to Windows Vista without logging into Windows or knowing the username or password for any accounts. To accomplish this, the user renames cmd.exe to Utilman.exe — this is the program that brings up the Accessibility options for users without sight or with limited vision. The attack takes advantage of the fact that the Utility Manager can be invoked before the user logs into the system. The user gains System access, which is a level higher than Administrator. The person who discovered this security hole claims that XP, 2000, 2003 and NT are not vulnerable to it; only Windows Vista is."
Allow full root access
Cancel or Allow...
A conversation amongst the developers: Dev 1: "You see - we can just rename the exe and then get the job done!" Dev 2: "Is there a risk?" Dev 1: "How? Users without sight or with limited vision will have a hard time getting to cmd.exe to rename it - dumbass!"
Right... They should think of some system where the BIOS will only load code that was digitally signed somehow, so these atrocities are no longer possible. Personally, I will only feel safe when I know that Microsoft completely controls what goed on on my PC!
[badpun]Why not just call it a NIC like everyone else?[/badpun]
Maybe if you did it to a Vista machine a decade ago, it would have.
I think we can all agree that any hack involving a time machine is newsworthy.
For a while, anyway.
It's much much harder with Linux. First of all you have to work out how to lure the user out of their basement and away from their computer.
Not all cripples are crippled all of the time. Sometimes they appear quite normal and then have "spak attacks" which renders them unable to function like real humans. In these cases it is imperative that they can activate sticky keys with their flailing limbs so they can save their work and exit gracefully (well, you know what I mean) from the program.
Your ignorance and intolerance of cripples and mongs astounds me.
I use a 26 char password on a laptop that locks every 5 minutes.
Once you get used to it, it's not too annoying at all.
What if Tetris was invented by Nazis?
abcdefghijklmnopqrstuvwxyz ?
I'm guessing that wasn't on their radar screen...
No, it's
qwertyuiopasdfghjklzxcvbnm
but good guess!
c0:ld:de:ad:be:ef:15:f0:0d
That's amazing. I've got the same combination on my luggage!