|
A New Zealand-based security consultant has released a tool that can unlock a Windows computer in seconds without a password. The hack, which involves Windows XP computers but has not been tested with Windows Vista, was first demonstrated by Adam Boileau at a security conference in Sydney in 2006. Microsoft has not developed a fix for it yet. (Source: com.au)
The tool released by Boileau can unlock Windows machines or login without a password by plugging in a Firewire cable and running a command. Boileau did not release the tool in 2006 because Microsoft was cagey about whether Firewire memory access was a real security issue or not and he didn't want to cause any trouble. Since a couple of years have passed and the issue has not been resolved, Boileau decided to release the tool on his website. Use of the tool requires a Linux-based computer connected to a Firewire port on the target machine. The target machine is then tricked into allowing the attacking computer to have read and write access to its memory. Once access to the memory is established, the tool can modify Windows' password protection code, which is stored there, and render it ineffective. The security hole found by Boileau is not a vulnerability or bug in the traditional sense because the ability to use the Firewire port to access a computer's memory is actually a feature, says Paul Ducklin, head of technology for security firm Sophos. Ducklin recommended disabling your Firewire port when you aren't using it. Information on Firewire ports and how to disable them is available from Small Business Computing. Microsoft was not available for comment at the time the article was published.
Visit Bill's Links and More for more great tips, just like this one!
-- Related newsletter articles:
2008/01/15 Microsoft Faces (Another) Euro-probe (microsoft)
2008/02/05 Microsoft Yoohoo for Yahoo! (microsoft)
2008/03/04 Vista Price Slashed (microsoft)
2008/02/29 Microsoft's Euro-fines Keep On Mounting (microsoft)
2008/01/11 Microsoft Mulls Future of HD (microsoft)
2008/02/15 Microsoft Gets New Sidekick (microsoft)
2008/01/17 Microsoft Taking Steady Steps with Zune (microsoft)
2008/02/22 Microsoft Gives Free Software to IT Students (microsoft)
2008/02/26 First Vista Update Not Going Well (microsoft)
2008/01/25 First Vista Update Already Imminent (microsoft)
2008/02/27 Popular Encryption Methods May Be Flawed (memory)
2008/02/08 Microsoft Unveils Smarter Web Ads (microsoft)
2008/02/28 Microsoft Revives Hotmail After Catastropic Outage (microsoft)
-- Recent articles (from all channels): 2008/05/12 Today in History: for Monday, May 12, 2008
2008/05/12 [ShellX 20080512]: 'Remote Manager', and 'Cyber Bandwidth ...
2008/05/12 Video Gaming Trade Group Struggling
2008/05/12 T-Mobile Finally Joins 3G Phone Race
2008/05/12 Apple Slammed by Environment Watchdog
2008/05/09 [ShellX 20080509]: 'Advanced Run', and 'Diver Windows Manager'
2008/05/09 Texas Refuses Facebook Friend Request
2008/05/09 Photo-Enforcement Technology Replaces Officers On Patrol
2008/05/09 Cuban Government Says 'Ok Computer'
2008/05/09 Excel Can E-Mail Your Weekly Reports For You!
2008/05/08 [ShellX 20080508]: 'Shell Enhancer', and 'Lansweeper'
2008/05/08 Xobni: MS Outlook Social Networking Technology for your Inbox
2008/05/08 Music Companies Jump on GTA IV Bandwagon
2008/05/08 Fascinating: Memristor to replace Binary
2008/05/08 Adobe Hopes To Make Flash Master Of The (Mobile) Universe
2008/05/08 Spiffy Envelopes and Labels in MS Word
2008/05/07 [ShellX 20080507]: 'Winbin2iso', and 'Loop Typer'
2008/05/07 Yahoo Adds Security Warnings To Search Results
2008/05/07 Apple to Lose Money on iTunes Movie Releases
2008/05/07 Amazon.com takes New York Tax to Court
2008/05/07 Need Glasses for the Slide Sorter View in MS PowerPoint?
2008/05/07 After Winning The DVD Format War, Blu-Ray Sales Tank
2008/05/06 [ShellX 20080506]: 'Visual Basic 6.0 Portable', and 'Double-...
2008/05/06 Yahoo Outsources to Jajah
2008/05/06 New HP Circuit Could Change Technology Forever
2008/05/06 Movie Downloads To Match DVD Release Dates
2008/05/06 Microsoft Ends Yahoo Bid
2008/05/05 [ShellX 20080505]: 'Ie7 Pro', and 'Desktop Ok'
2008/05/05 The WB Network Hops Online
2008/05/05 Microsoft Slashes Price of Xbox 360 Overseas
2008/05/05 Google CEO Wants YouTube to Take More of Your Money
|
