Feeds

Small WinXP security glitch, not many dead

Silly tricks with Win2k CDs?

  • alert
  • submit to reddit

Internet Security Threat Report 2014

A glitch in Windows XP security allows you to bypass passwords and gain access to a machine using a Windows 2000 CD, reports the newsletter Brian's Buzz. Of course in order to use the CD you need to have physical access to the machine already, so this is a pretty pointless glitch - it is, however, a glitch.

It works like this. If you boot an XP machine using the Win2k distribution CD and start the recovery console, you can then get into it, copy and change files without needing a password. This doesn't work using the XP recovery console with XP, nor using the Win2k console with Win2k,so it's clearly an oopsie.

But on the other hand, if we're not talking encrypted file systems here (which we're not), then so long as you've got an innocent PC running any old operating system at your mercy you can surely get in there. With Win2k or XP it doesn't take a whole lot of expertise to just use the distribution CD to reinstall the OS, and then it's all yours anyway.

So in this case, we figure the only effects are that it gets round a bit of window dressing style security which doesn't do much more than stop the unlettered breaking in, and it helps dispel any illusory feeling of security similarly unlettered users might have.

Which is good, in its own small way. But getting a high security PC where your password (or perhaps your smartcard or your - shudder - Microsoft watch) actually means much, and which is capable of repelling the technically astute office cleaner, is an entirely different matter. Not that we think many of you will like it when you get it, anyway. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Netscape Navigator - the browser that started it all - turns 20
It was 20 years ago today, Marc Andreeesen taught the band to play
Sway: Microsoft's new Office app doesn't have an Undo function
Content aggregation, meet the workplace ... oh
Do Moan! MONSTER 6-day EMAIL OUTAGE hits Domain Monster
Customers freaked out by frightful service
Sign off my IT project or I’ll PHONE your MUM
Honestly, it’s a piece of piss
Return of the Jedi – Apache reclaims web server crown
.london, .hamburg and .公司 - that's .com in Chinese - storm the web server charts
NetWare sales revive in China thanks to that man Snowden
If it ain't Microsoft, it's in fashion behind the Great Firewall
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.