Tool Can Hack Into A Windows PC Sans Password

A New Zealand-based security consultant has released a tool that can unlock a Windows computer in seconds without a password.

The hack, which involves Windows XP computers but has not been tested with Windows Vista, was first demonstrated by Adam Boileau at a security conference in Sydney in 2006. Microsoft has not developed a fix for it yet. (Source: com.au)

The tool released by Boileau can unlock Windows machines or login without a password by plugging in a Firewire cable and running a command. Boileau did not release the tool in 2006 because Microsoft was cagey about whether Firewire memory access was a real security issue or not and he didn't want to cause any trouble.

Since a couple of years have passed and the issue has not been resolved, Boileau decided to release the tool on his website.

Use of the tool requires a Linux-based computer connected to a Firewire port on the target machine. The target machine is then tricked into allowing the attacking computer to have read and write access to its memory. Once access to the memory is established, the tool can modify Windows' password protection code, which is stored there, and render it ineffective.

The security hole found by Boileau is not a vulnerability or bug in the traditional sense because the ability to use the Firewire port to access a computer's memory is actually a feature, says Paul Ducklin, head of technology for security firm Sophos.

Ducklin recommended disabling your Firewire port when you aren't using it. Information on Firewire ports and how to disable them is available from Small Business Computing. Microsoft was not available for comment at the time the article was published.

Visit Bill's Links and More for more great tips, just like this one!