Re: CRIME Microsoft Windows XP question

From: Brian Beattie (beattie@beattie-home.net)
Date: Thu Jan 02 2003 - 06:39:39 PST

    On Wed, 2003-01-01 at 23:05, David M. Fetter wrote:
    > It is quite feasible to break in or rather reset an administrator
    > password in any version of Windows.  There are sites and instructions
    > all over explaining how to perform password recovery.  If someone has
    > physical access to the system it really isn't that difficult.  However,
    > it does require a little bit of a process which often includes booting off
    > of a floppy and executing some password reset utility.  So, if she did
    > some reconfiguration like that then yes, it wouldn't be hard to do.
    > 
    > The only real way that I could think to limit that would be to use
    > biometrics and disable passwords for all accounts including
    > administrator.  Then it's the individual's fingerprint that does the
    > authentication.  I myself have purchased and used biometrics from
    > www.precisebiometrics.com and it works quite well.  It's also fairly
    > affordable at less than $100 for a simple unit.  I believe you would
    > need to go to some place like www.cdw.com to order an individual unit,
    > because they only sell them in large orders.
    > 
    
    While I love to see MS bashed on security (they deserve it IMNSHO),
    generally, given relatively unfettered access to a system I would say it
    is always possible to bypass any security measure; if you can boot from
    removable media, it becomes almost trivial.  This is why all Trusted
    Computing systems require physical security as part of the security
    policy.
    
    Encrypting files with a key not stored on the system helps, but can be
    defeated with trojan horses.
    
    The only secure system is one locked in a room, with no power.
    
    I built a truly secure system once, then I turned it on...
    -- 
    Brian Beattie            | Having had the honor of being selected
    beattie@beattie-home.net | for a Resource Action by my former employer,
                             | it is my pleasure to announce my immediate
    www.beattie-home.net     | availability, contract or permanent.
    Embedded Systems, Linux/Unix internals Software Engineer
    


