[Dshield] Security Issue with XP

Bob Love bob.lists at raha.com
Fri Apr 30 22:13:07 GMT 2004


> Unless microsoft has fixed it and I havn't seen it there is a security
> flaw you can use.  Brian's Buzz sent out the following:

This is not a security issue with MS per-se, it's a security issue with
having physical access to the box.

There's no such thing as security on a box to which other people have
physical access, less true if the box is partially secured (bios pasworded
and set not to boot from floppy or cd, etc) but all security goes out the
window (no pun intended) if your intruder has access at the hardware level,
i.e. can remove the HD or whatever.

The only partial solution to this would be to keep sensitive stuff in (e.g.)
a pgp encrypted disk, which would make things considerably harder for anyone
with a view to stealing your files...

Let's face it, anyone determined enough can get your data if they have
physical access. Boot from a ghost diskette and make an image of your HD -
job done in what? 5 minutes? 10?. Take it home they have all the time in the
world to rifle through it.

Regards

Bob





More information about the list mailing list