[Dshield] Security Issue with XP

Sean Lewis sean at SUSPEND.NET
Fri Apr 30 03:26:54 GMT 2004


http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx

Law #3: If a bad guy has unrestricted physical access to your computer, it's
not your computer anymore

> Unbelievably, the visitor can copy files from the hard disk to a floppy
> disk or other removable media - something even an Administrator is
> normally prevented from doing when using the Recovery Console.

Unbelievable? Why? Securing an asset against physical attack is one of the
most challenging aspects of security design. 

--
Sean Lewis, CISSP
sean at SUSPEND.NET

-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of securityguy at dslextreme.com
Sent: Thursday, April 29, 2004 4:39 PM
To: list at dshield.org
Subject: [Dshield] Security Issue with XP

Has anyone else seen this?

Just a heads up on XP, I got this from a users group.
# View Group Archive: http://ITtoolbox.com/hrd.asp?i=955

Unless Microsoft has fixed it and I haven't seen it, there is a security
flaw you can use.  Brian's Buzz sent out the following:

Reader Tony DeMartino alerted me to the problem, which all administrators
of Windows XP machines should immediately take to heart:

Anyone with a Windows 2000 CD can boot up a Windows XP box and start the
Windows 2000 Recovery Console, a troubleshooting program.

Windows XP then allows the visitor to operate as Administrator without a
password, even if the Administrator account has a strong password.

The visitor can also operate in any of the other user accounts that may be
present on the XP machine, even if those accounts have passwords.

Unbelievably, the visitor can copy files from the hard disk to a floppy
disk or other removable media - something even an Administrator is
normally prevented from doing when using the Recovery Console.
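The two behaviours in the report, administrative logon without a password and copying to removable media, are the ones governed by Windows' two documented Recovery Console policy values. The script below is an added audit check, not code from the thread; it assumes the documented registry path and value names, treats absent values as the disabled default, and only describes the console installed on that system (a foreign boot CD is exactly the physical-access case Law #3 covers).

```powershell
# Added audit check (not from the thread). Reads the Recovery Console policy
# values behind "Allow automatic administrative logon" (SecurityLevel) and
# "Allow floppy copy and access to all drives and all folders" (SetCommand).
# Assumptions: path/value names per Microsoft's documentation; 1 = enabled,
# and a missing value is treated as the disabled default (0).
$RecoveryConsoleKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole'

function Get-RecoveryConsolePolicy {
    param([string]$Path = $RecoveryConsoleKey)
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    $autoLogon = 0
    $setCommand = 0
    if ($item -and $null -ne $item.SecurityLevel) { $autoLogon = [int]$item.SecurityLevel }
    if ($item -and $null -ne $item.SetCommand)    { $setCommand = [int]$item.SetCommand }
    [pscustomobject]@{
        AutomaticAdminLogon  = ($autoLogon -eq 1)   # console logs on as Administrator with no password
        RemovableMediaCopy   = ($setCommand -eq 1)  # SET AllowRemovableMedia / AllowAllPaths permitted
    }
}

function Test-RecoveryConsoleHardened {
    param([switch]$Remediate)
    $policy = Get-RecoveryConsolePolicy
    $policy | Format-List
    $findings = @()
    if ($policy.AutomaticAdminLogon) { $findings += 'Recovery Console will log on as Administrator without a password.' }
    if ($policy.RemovableMediaCopy)  { $findings += 'Recovery Console SET allows copying files to removable media.' }
    foreach ($f in $findings) { Write-Warning $f }
    if ($Remediate -and $findings.Count -gt 0) {
        # Reset both values to the disabled default; requires an elevated shell.
        Set-ItemProperty -Path $RecoveryConsoleKey -Name SecurityLevel -Value 0 -Type DWord
        Set-ItemProperty -Path $RecoveryConsoleKey -Name SetCommand    -Value 0 -Type DWord
        Write-Host 'Recovery Console policy values reset to 0 (disabled).'
    }
    return ($findings.Count -eq 0)
}

# Usage: Test-RecoveryConsoleHardened            (audit only)
#        Test-RecoveryConsoleHardened -Remediate (audit and reset, as Administrator)
Test-RecoveryConsoleHardened
```

Run it from an elevated prompt when using -Remediate; the same two settings are also exposed in Local Security Policy under Security Options if you prefer to manage them through Group Policy.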


