Windows XP, which has been marketed by Microsoft as "the most secure version ever," has been found to have a flaw so bone-headed that it renders passwords ineffective as a means of keeping people out of your PC.(Via Linkfilter.)
Reader Tony DeMartino alerted me to the problem, which all administrators of Windows XP machines should immediately take to heart:
Anyone with a Windows 2000 CD can boot up a Windows XP box and start the Windows 2000 Recovery Console, a troubleshooting program.
Windows XP then allows the visitor to operate as Administrator without a password, even if the Administrator account has a strong password.
The visitor can also operate in any of the other user accounts that may be present on the XP machine, even if those accounts have passwords.
Unbelievably, the visitor can copy files from the hard disk to a floppy disk or other removable media - something even an Administrator is normally prevented from doing when using the Recovery Console.
Thursday, October 07, 2004
XP passwords rendered useless: A major XP security hole has been found.