Re: Breached Admin Security Problem
From: Bryce (bryceATmiltonDOTcom)
Date: 05/07/02
- Next message: dbcurrie: "Re: Can I delete?"
- Previous message: Nick: "Re: User rights"
- In reply to: Kevin: "Breached Admin Security Problem"
- Next in thread: Sp!ke: "Re: Breached Admin Security Problem"
- Reply: Sp!ke: "Re: Breached Admin Security Problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Bryce" <bryceATmiltonDOTcom> Date: Mon, 6 May 2002 16:48:19 -0700
When someone has physical access to the machine, all security bets are
off really. Multi-user network operating systems like NT and Unix have a
great deal of technology designed to protect a machine from remote
compromise, but with physical access to a machine, all those safeguards
ultimately boil down to is a series of bits on a disk that can be
read\deciphered\modified\scrambled\deleted with varying amounts of
difficulty using any of a zillion techniques that range from simple to
sophisticated... Assuming your admin password isn't blank and Junior hasn't
compromised your personal creds, all he needs to do is hack or delete the
SAM to gain root (which can be as easy as booting the machine off one of
Peter Nordahl's floppy disks - Google that name to learn more).
You could setup some speed bumps by taking the floppy and CD out of your
boot order, password protecting your BIOS, locking your case, verifying that
Junior doesn't have the webcam pointed at your keyboard, removing everyone
but the admin from the administrator group, renaming the admin account,
upgrading to NTFS, etc. Tinfoil hats and nifty biometric gadgets such as
DigitalPersona's "U. are U." fingerprint scanner could also be a fun way to
escalate this father-son game to the next level ;-)
-Bryce
PS Remove everyone from the power users group as well - There are multiple
avenues of privilege escalation open to members of this group, as they are
essentially "admin lights" on the machine.
"Kevin" <kevis41@aol.com> wrote in message
news:082701c1f4f3$c9af1750$37ef2ecf@TKMSFTNGXA13...
> I've set up my XP so ONLY I have administartor's rights.
> However, my 17 yo son keeps changing his from "Limited"
> to "Administrator". How can he do that? I keep changing
> my login password and he just keeps changing his access
> rights back to Admin. I've never even typed my password
> when he was in the room and it's just a meaningless series
> of numbers and letters - nothing predictable. There MUST
> be some backdoor way he can either obtain my password or
> gain access. Can anyone help me? Is there some
> additional "lock" I can put on users access rights?
- Next message: dbcurrie: "Re: Can I delete?"
- Previous message: Nick: "Re: User rights"
- In reply to: Kevin: "Breached Admin Security Problem"
- Next in thread: Sp!ke: "Re: Breached Admin Security Problem"
- Reply: Sp!ke: "Re: Breached Admin Security Problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
