Hack into a Windows PC - no password needed

[Zenphic]

Yikes!

News: Hack into a Windows PC - no password needed - Security - Technology

Quote:

Hack into a Windows PC - no password needed
Email Printer friendly version Normal font Large font Saved Asher Moses
March 4, 2008 - 1:28PM

Interviewed in ITRadio's Risky Business podcast, Boileau said the tool, released to the public today, could "unlock locked Windows machines or login without a password ... merely by plugging in your Firewire cable and running a command".

[Adrian Wong]

Yikes! So easy??

Guess we better disable the Firewire port unless we really use it.

[Zenphic]

Quote:

Originally Posted by Adrian Wong

Yikes! So easy??

Guess we better disable the Firewire port unless we really use it.

Aye, I always disabled whatever I never used for performance. Never knew it would be more secure

[peaz]

Wow... interesting.

Hmm

Quote:

Paul Ducklin, head of technology for security firm Sophos, said the security hole found by Boileau was not a vulnerability or bug in the traditional sense, because the ability to use the Firewire port to access a computer's memory was actually a feature of Firewire.

"If you have a Firewire port, disable it when you aren't using it," Ducklin said.

[eXPeri3nc3]

Quote:

Originally Posted by Zenphic

Aye, I always disabled whatever I never used for performance. Never knew it would be more secure

Eh disabling it can boost performance? Cool.
Time to disable mine.

[Adrian Wong]

Quote:

Originally Posted by eXPeri3nc3

Eh disabling it can boost performance? Cool.
Time to disable mine.

Not really. It will save you an IRQ though... although modern PCs have more than enough IRQs thanks to APIC.

[Zenphic]

Quote:

Originally Posted by eXPeri3nc3

Eh disabling it can boost performance? Cool.
Time to disable mine.

Maybe not firewire, but things like IDE channels or network cards might slightly boost Windows startup speed since the OS will not need to autodetect some non-existing devices. Well that's what I think happens

[Adrian Wong]

Quote:

Originally Posted by Zenphic

Maybe not firewire, but things like IDE channels or network cards might slightly boost Windows startup speed since the OS will not need to autodetect some non-existing devices. Well that's what I think happens

Yup, that's true.

[64bit]

Just read through the article:

Quote:

To use the tool, hackers must connect a Linux-based computer to a Firewire port on the target machine.

It does not seems that easy since a Linux-based computer is needed too. By the time one has hacked into it, he might haven been discovered due to the equipments needed.

For me, this is considered a more troublesome alternative comparing to the large amount of software available that can reset/unlock Windows XP accounts.

[CoolZone]

I guess it is too much hassle to make it work.I really hoped that this could have been done over a network