XP passwords rendered useless?

Windows XP, which has been marketed by Microsoft as "the most secure version ever," has been found to have a flaw so bone-headed that it renders passwords ineffective as a means of keeping people out of your PC.

Anyone with a Windows 2000 CD can boot up a Windows XP box and start the Windows 2000 Recovery Console, a troubleshooting program.

Windows XP then allows the visitor to operate as Administrator without a password, even if the Administrator account has a strong password.


The visitor can also operate in any of the other user accounts that may be present on the XP machine, even if those accounts have passwords.

Unbelievably, the visitor can copy files from the hard disk to a floppy disk or other removable media - something even an Administrator is normally prevented from doing when using the Recovery Console.

This problem is unrelated to a feature of XP that allows an Administrator to set up automatic logon when the Recovery Console is used. Even without the Registry entry that enables this, XP is vulnerable.

Sursa: http://www.briansbuzz.com/w/030213/

pai in orice sistem poti sa intri cu o disketa/cd bootabil si sa faci ravagii... e ceva local asa ca no biggie.... nu oricine are acces local sa faca treaba aia.

Sunt multe de spus despre ce poate sa faca cineva daca are acces fizic la calculator. Nu cred ca are rost sa incepem o discutie acum.
Ce spune Microsoft si pe buna dreptate: "If a bad guy has unrestricted physical access to your computer, it's not your computer anymore."

Ce, in linux, nu bootez cu un cd-bootabil de Slackware (sa zicem) sau dicheta de boot, mountez partitia root de linux, chroot si s-a terminat totul? Asta nu se  numeste "root password rendered useless?"

Pe un forum , cineva concluziona la faza asta (dupa o lunga lista cu posibilitati funny):

"he/she can even piss in your floppy drive"

Discutia e inutuila in sensul ca nu poate fi vorba de o solutie de securitate a sistemuluyi ci de o solutie de securitate a camerei. Plus ca si la 2000Server se poate face treaba aia bestiala cu Floppy.