Discussion in 'privacy general' started by spy1, Feb 18, 2003.
Read about it here:
It already existed with the Peter Nordhal Method for ALL NT OS booting from a LINUX floppy disk or bootable CD, I often use it for regardless customers
Info and d/l :
If you really want to protect your PC against it :
password protect your BIOS and deny boot from floppy, CD and network.
Alternative prevention : a hungry pitbull in front of your machine.
Does even encrypting the entire HD work?
You know, this is all getting pretty useless. Pete
Never walk away from your machine without pressing caps lock. Then, cunningly, press and glue down the shift key. Only you will know that prising off the shift key will allow lower case letters to be entered once more, thus making your PC usable.
The bad guys don't know this, and it will make them have migraines trying to figure it out.
"... this will be little comfort to the administrators of academic computer laboratories and other facilities where users can easily pop a CD-ROM into a computer" - so disable the ability to boot from a CD (or floppy for that matter) in the BIOS.
There are much worse things people can do if they've got physical access to your computer - pull out your hard disk and put it into their machine and they've got full access too. There's only so much you can do with the recovery console - I'd be just as worried about someone booting a Knoppix CD (well worth a look incidentally), that'll read NTFS partitions regardless of file security settings.
... interesting read nonetheless though ...
Useless : if booting from a floppy or CD is allowed, just put one and reboot from the tower and it's done.
I forgot to say that when you're glueing the shift key, let some of the glue drip into the floppy and CD drives. (Sorry.)
Pete mentioned the only REAL solution - Full Disk Encryption with pre-boot authentication.
I would not use my XP machine without DriveCrypt PlusPack. DCPP is an excellent program - though pricey. However, anyone who has Drivecrypt 3.03 can usually get it for 1/2 price.
Still not cheap - until you add up the price of lack of protection.
I have been shocked when reading the different posts and wanted to see it myself.
Using a LINUX floppy disk on a PC with XP Pro SP1 + NTFS, all users are indeed listed for modification ! I choosed to modify the password of a user with Admin privilege. However, when saving the modification, the following message is displayed :
The initialization error may be due to a new password longer than the old one (?). Without this error, would XP really allow the modification ?!
I do it often on customers' machines when they forgot their pwd : I copy it and then reboot on Windows with the good one retrieved, I never tried to modify it.
You are right. It is not necessary to modify the password. Retrieve it is enough.
Separate names with a comma.