[Dshield] Security Issue with XP

Meidinger Chris chris.meidinger at badenit.de
Fri Apr 30 10:31:41 GMT 2004


As Sean and warpmedia mentioned, you can pretty much forget Windows security
if the person can boot the box. EFS, or better yet real strong encryption,
can hinder data theft, but if you need more security look into encrypting
the entire volume upon which Windows resides.

I've done a bit of research into the solutions available for these tasks,
and the best you can do is (or was about a year ago) either SafeBoot or
DriveCrypt. Google should turn up plenty on either.

If your environment requires 100% security, then you probably need to build
a concrete box, put the machine in there, cut all the cables, mortar the box
shut, and weld a steel jacket around it. (This approach will also secure you
against casual/opportunity theft.)

Cheers,

Chris


> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org] On Behalf Of 
> securityguy at dslextreme.com
> Sent: Friday, April 30, 2004 1:39 AM
> To: list at dshield.org
> Subject: [Dshield] Security Issue with XP
> 
> Has anyone else seen this?
> 
> Just a heads up on XP, I got this from a users group.
> # View Group Archive: http://ITtoolbox.com/hrd.asp?i=955
> 
> Unless Microsoft has fixed it and I haven't seen it, there is a 
> security flaw you can use.  Brian's Buzz sent out the following:
> 
> Reader Tony DeMartino alerted me to the problem, which all 
> administrators of Windows XP machines should immediately take 
> to heart:
> 
> Anyone with a Windows 2000 CD can boot up a Windows XP box 
> and start the Windows 2000 Recovery Console, a 
> troubleshooting program.
> 
> Windows XP then allows the visitor to operate as 
> Administrator without a password, even if the Administrator 
> account has a strong password.
> 
> The visitor can also operate in any of the other user 
> accounts that may be present on the XP machine, even if those 
> accounts have passwords.
> 
> Unbelievably, the visitor can copy files from the hard disk 
> to a floppy disk or other removable media - something even an 
> Administrator is normally prevented from doing when using the 
> Recovery Console.
> 
> 
> 


