Password-less User Accounts in Windows XP

WobbleWobble

Windows accounts (including the built-in ones such as Administrator) without a password should not be accessible over a network by default, right? Whether it'd be an RDP session or file sharing?
 

n0cmonkey

I used to have a link that said that passwordless accounts couldn't be used for filesharing (not sure about RDP).
 

armstrda

I know that's the case on Vista, but I can't remember if XP had that same requirement (having a password to be part of the RDP group or not).
 

WobbleWobble

It looks to be the case with RDP as well, as it says in System Properties (where you enable it), "For users to connect remotely to this computer, the user account must have a password."

What's on my mind? I had a family member mention that when they were shutting off, Windows warned that they would disconnect remote users. So with a clean XP SP3 install with all the updates, I'm not sure how that could have happened. Windows Firewall turned on, only a single user account along with the built-in ones (all without passwords).

It's the only computer behind a wireless router (WPA I think).

The only installed software is Avira, Flash, Acrobat, Java, Secunia PSI, iTunes, Office 2003. These are clean (non-pirated) installs of Office and Windows, self-slipstreamed. Avira is updated and Secunia reports that everything is up-to-date.

The only attack vector that I can think of is Frostwire. But that was not running at the time. It was connected to someone else's open wifi (because I didn't have the person's wifi password yet) for a couple hours to download iTunes, Secunia, Avira update.

So that's why I'm really puzzled at how this could have happened. This was over a period of a couple days. My understanding is that the person just uses it for regular Internet and Office use (to be verified). I haven't had a chance to look at the computer yet, but I will tomorrow.

Aside from a vulnerability in one of these other programs or the user getting infected with a virus, I wanted to rule out the likelihood of being attacked over open wireless just because the user accounts don't have a password.
 

VinDSL

Originally posted by: WobbleWobble
What's on my mind? I had a family member mention that when they were shutting off, Windows warned that they would disconnect remote users...

It's the only computer behind a wireless router (WPA I think)...

Okay, my first impression WAS someone has hacked into your machine and is using it for a Zombie.

However, considering the WPA comment (I'm a war driver from way back) I think one of your neighbors is playing you for a sucker!

Either way, the 'next step' is the same - download a good 'packet sniffer' and figure out how to use it...

Personally, my weapon of choice is 'Wireshark', formerly known as 'Ethereal'. Nothing beats Wireshark/Ethereal!

http://en.wikipedia.org/wiki/Wireshark (Wikipedia Article)

Either that, or you can be a sheep and let ppl bend you over the fence...

Happy hunting!
 

VinDSL

Continuing: I typed the above last night, before going to sleep. Now that I'm awake and refreshed... I digress.

A couple of years ago, we got back 'into' lappys, after a 10-year hiatus. And, that was our first experience with WiFi et al.

Someone brought a lappy home, sat it on the kitchen table, and fired it up. Next thing you know I heard, "Hey, I've got an internet connection!" And, a few minutes later, "Check this out. I'm looking through someone's computer."

LoL!

I told them, "Get the hell off their machine. If someone finds out we're on their computer, the cops will bust the door down and arrest us all! If you want WiFi, go buy a router."

Now, we're running 3 WiFi routers (configured as wireless access points) and a WiFi gateway router...

Anyway, when you mentioned WAP, it set off bells and whistles for me. I *suspect* someone is using it to get into your LAN.

If I was you, I would make CERTAIN that you have your wireless locked down. No telling what that 'remote user' is doing...
 

WobbleWobble

That's definitely something to check, since I was not the one who set it up. But regardless of whether another computer is on the network, I'm still trying to determine the attack vector. Which brings me back to my original question: are password-less accounts in XP (by default) not usable remotely? :)

Anyways, I'll be able to investigate it this weekend and I'll let you guys know what I find.
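
An added example, not part of any post in this thread: a read-only batch script to run from an administrator command prompt on the XP machine itself. It checks the settings behind the thread's question (whether blank-password accounts are limited to console logon, whether network logons are mapped to Guest, whether Remote Desktop is enabled) and lists who is currently connected. The registry values LimitBlankPasswordUse, forceguest and fDenyTSConnections are standard Windows settings that the thread does not name; qwinsta is assumed to be present (it may be missing on XP Home).

```batch
@echo off
rem Added triage sketch, not from the thread. Read-only: it changes nothing.
setlocal
set LSA=HKLM\SYSTEM\CurrentControlSet\Control\Lsa
set TS=HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server

call :readdword "%LSA%" LimitBlankPasswordUse BLANK
call :readdword "%LSA%" forceguest GUESTONLY
call :readdword "%TS%" fDenyTSConnections DENYTS

echo == Policy ==
rem 0x1 is the "console logon only" setting for accounts with blank passwords.
if "%BLANK%"=="0x1" (echo Blank passwords: console logon only) else (echo Blank passwords: network logon NOT restricted, value=%BLANK%)
rem 0x1 means every network logon is treated as Guest (Simple File Sharing).
if "%GUESTONLY%"=="0x1" (echo Network logons: mapped to Guest) else (echo Network logons: authenticate as themselves, value=%GUESTONLY%)
rem 0x1 means Remote Desktop connections are refused.
if "%DENYTS%"=="0x1" (echo Remote Desktop: disabled) else (echo Remote Desktop: ENABLED or unset, value=%DENYTS%)

echo.
echo == File-sharing sessions open to this machine ==
net session
echo.
echo == Folders and printers shared from this machine ==
net share
echo.
echo == Terminal / Remote Desktop sessions ==
qwinsta
echo.
echo == Listeners on SMB 445 and RDP 3389 ==
netstat -ano | findstr /r ":445 :3389" | findstr LISTENING
echo.
echo == Local accounts, and whether Guest is active ==
net user
net user Guest | find "Account active"
endlocal
goto :eof

:readdword
rem %1 = registry key, %2 = value name, %3 = variable to fill.
rem The variable stays "unset" when the value does not exist.
set %3=unset
for /f "tokens=3" %%a in ('reg query %1 /v %2 2^>nul ^| find "REG_DWORD"') do set %3=%%a
goto :eof
```

An entry under `net session` while nobody is at the keyboard corresponds to the "remote users" the shutdown warning refers to; the computer name or address shown there is the thing to compare against the devices known to be on the wireless network.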