-
We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.
Microsoft screws up again!
- Thread starter Ciber
- Start date
JeffSpicoli
Senior member
At Microsoft, quality is job 1.1.
To play devil's advocate for a moment, UNIX systems have this problem too. Boot from a disk or CD, mount root disk, chroot. Local root, just like that. The only defense is to make sure no untrustworthy figures get physical access to an important server. If this were done to a workstation, only that workstation would be comprimised, not the whole network.
bonkers325
Lifer
omfg this is unreal
I don't understand if you have to boot from Win2k CD or you can run that Recovery Console and get passwords within WinXP? Booting your own OS to get data/passwords from computer is IMHO not security hole: I think this can be done with almost any OS what isn't specially protected (crypted patitions etc.). You can pretty easily overcome this by disabeling booting from other media than HDD and putting BIOS under password (at least it would make such actions more complicated). But if any user can run some program to get over admin password, then it's bad.
Barnaby W. Füi
Elite Member
If you have physical access to the machine, you can DESTROY THE THING WITH A BRICK. Why is this a big deal? Physical access overrides everything else, if you have "root" in the real world, then you can GET root on the computer. Unless you use an encrypted file system 😉
Zugzwang152
Lifer
isnt there an option to encrypt NTFS, so you need Admin passwords to do anything but see file names and such?
Barnaby W. Füi
Elite Member
NTFS has encryption, but I don't really know the specifics of it.
Zugzwang152
Lifer
I had trouble with that myself when my HD turned up bad sectors. booted off an ntfs dos floppy, but it wouldnt let me copy out files without logging in as an admin or the generic Administrator.
Barnaby W. Füi
Elite Member
Yeah, it seems you can only access EFS stuff in the windows gui, which is pretty braindead in the event that you can't get into graphical mode. I guess stick the drive in another machine? But then how do you get your key (or certificate?) off of the encrypted disk? 😕
Zugzwang152
Lifer
I ended up booting off my XP CD, going into Recovery Mode(which you need access to the generic/default Administrator account), and copying sh!t over using full file names :|
Skyclad1uhm1
Lifer
Useless if you can asume the identity of any user on the system, it will then show all the files of that user. Encryption in this case is to make sure no other users can access it.
As far as I know you can lock up the FS under Linux so far that not even mounting it will be possible if you have not logged on.
Barnaby W. Füi
Elite Member
No, a filesystem is a filesystem, it has no idea, nor cares whether you are logged in or are running single user or whatever. I *believe* linux has some encrypted file system stuff but I don't really know for sure. Some or all of the BSD's have it.
dmcowen674
No Lifer
There is nothing new here like many have pointed out.
Where do you draw the line between physical world and Data is more of the appropriate question here. You may not like the fix.
This could be somewhat prevented by disabling the booting from anything except the hard drive, and setting a password that would be required to modify BIOS settings. Those proceedures would keep the casual hacker out of an academic system, but for an office where a user can spend much time in relative isolation with the system, there's no reason they couldn't take out the CMOS battery and undo all of your careful efforts at protecting the system.
NogginBoink
Diamond Member
Um... if someone has physical access to the machine, no amount of logical security is any good. That's a fundamental tenet of computer security.
Second, the recovery console does require a password. In fact, it required the local admin password (under most circumstances).
Third, the recovery console does not allow a user to 'manipulate any part of the machine at will' or 'assume the identitiy of another user on the machine'
Fourth, go back to my first point... if you have physical access to my machine, there aint nothing I can do to protect my data. You can boot to your custom floppy disk that can read the hard drive, whether that OS is the recovery console or Linux, or BillAndTedsMostExcellentBootDisketteForCrackingComputers.
This is in no way a security hole in Windows XP. The author of that article is just downright ignorant, and no security professional would give that article any credence at all.
I could do the same to a Linux machine... boot to a floppy disk and read the filesystem on the hard drive.
This is a waste of bandwidth.
Second, the recovery console does require a password. In fact, it required the local admin password (under most circumstances).
Third, the recovery console does not allow a user to 'manipulate any part of the machine at will' or 'assume the identitiy of another user on the machine'
Fourth, go back to my first point... if you have physical access to my machine, there aint nothing I can do to protect my data. You can boot to your custom floppy disk that can read the hard drive, whether that OS is the recovery console or Linux, or BillAndTedsMostExcellentBootDisketteForCrackingComputers.
This is in no way a security hole in Windows XP. The author of that article is just downright ignorant, and no security professional would give that article any credence at all.
I could do the same to a Linux machine... boot to a floppy disk and read the filesystem on the hard drive.
This is a waste of bandwidth.
NogginBoink
Diamond Member
You back up the certificate BEFORE you need it!
Otherwise your data's gone.
I believe Andy has a sticky thread in the operating systems forum about this.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 25K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 24K
-
-
