Win2k Boot Disc Bypass Windows XP Passwords
Microsoft has gone to great lengths to ensure that Windows XP is the
most secure version of the Windows operating system to date, and they
have gone to even greater lengths to market it as such, security flaws
are still discovered. One of the latest problems is either a huge flaw
or no flaw at all depending on your perspective.
The flaw works by booting a Windows XP system using a Windows 2000 CD and going into the Windows 2000 Recovery Console mode.
When done on a Windows
2000 system, a password is required to access the hard drive and manipulate
the files. In this mode copying files to removable media is restricted
The other side of the coin though is that anyone who has physical access to a PC for a long enough period of time could eventually figure out how to crack the password or break the file encryption and view files they are not intended to see.
A user with malicious intent can find any number of tools to break into a system which they can physically touch. They can install keystroke logging software to steal passwords or backdoor programs to grant themselves unrestricted remote access. If they wanted to, they could simply remove the hard drive and work on it in their leisure time at home.
Some simple measures can prevent many of these problems. By enabling the BIOS level password protection you add a layer of security that even a bootable CD cant bypass. You can also use EFS (encrypted file system) to protect your files from prying eyes.
Microsoft has not yet officially recognized this as a flaw or released any patch or workaround. This loophole, or flaw if you are so inclined, offers even a technical novice an express route into the system and to all that lies within. All that the security-minded PC user or system administrator can do for now is be aware or possibly try to ensure that the computer itself is physically protected from unauthorized access by being in a locked room, enabling the BIOS password protection or protecting sensitive data with EFS.
Copyright (c) 2000-3000 by Ing. Eduardo Palena - Napolifirewall.com