Wasn't there a similar exploit a few years ago on windows 2000. Auto start of CDs was enabled even when nobody was logged in. If you put a cd with a.bat file in the cd tray, it would start the file which copied cmd.exe to the screensaver file. Wait a couple of minutes, and when the screensaver was supposed to be activated, a command prompt with administrator privileges pops up.
Slashdot Mirror
If you always boot from an external media, let's say truecrypt bootable CD-R, wouldn't this solve the problem?
Cool. But how much will that touch screen lap top cost me, and how dirty will the display become after a half a can of Pringles?
Wasn't there a similar exploit a few years ago on windows 2000. Auto start of CDs was enabled even when nobody was logged in. If you put a cd with a .bat file in the cd tray, it would start the file which copied cmd.exe to the screensaver file. Wait a couple of minutes, and when the screensaver was supposed to be activated, a command prompt with administrator privileges pops up.
Some details on the current setup:
http://meta.slashdot.org/article.pl?sid=07/10/18/1641203
http://meta.slashdot.org/article.pl?sid=07/10/22/145209