SecurityFocus On MS Security "Hole" 413
friday2k writes "There is an interesting writeup at SecurityFocus that puts the latest security 'hole' in XP into perspective. It is a worthy read and should remind us all of the real issues out there." And it collects into one place much of the flak I caught after posting about the claimed security hole opened by the XP Recovery Console.
So what? (Score:3, Interesting)
Ubiquitousness doesn't explain MS vulnerabilities (Score:5, Interesting)
That's patently untrue. It's a well-known fact [mi2g.com] that Microsoft's security problems are not due to exposure alone.
Microsoft's development model is fundamentally flawed from a security perspective, because it squarely places featureset additions above security. The corporate culture at Microsoft is and always has been more about gaining marketshare than about anything else.
It seems that there are differences in security, above and beyond the monopoly domination Microsoft enjoys. How many ISPs use FreeBSD to run their servers? Hmm.. I wonder if there's more to it than just speed and the fact that FreeBSD is Open Source.
I'm not alone in my assesment. There's this security guru named Bruce Schneier. Perhaps his name has crossed your desktop at some point. He's contemplating getting a Mac, because he is tired of hassling [siliconvalley.com] with security problems on his Windows machines.
Re:Ubiquitousness doesn't explain MS vulnerabiliti (Score:3, Insightful)
Re:Ubiquitousness doesn't explain MS vulnerabiliti (Score:5, Insightful)
Indeed. And not only featureset but usability and user-friendliness factor are also placed above security issues. :)
As a result we have a dominant OS that's insecure and a secure OS that's mostly unusable by anyone who is not a third generation sysadmin. In all that rush no one had the time to write an OS that's is BOTH secure and user-friendly. Flame away
Re:Ubiquitousness doesn't explain MS vulnerabiliti (Score:3, Interesting)
It's great that we have security. Most people won't mind security. Even Joe Sixpack seems to understand that security is generally good. Now, people are starting to get that Open Source is secure, stable, blah blah blah..
The thing with Linux (and probably BSD's though I don't have much experience there) is that most people that know what is a server, can set up a linux server. Even most of those people can keep their server relatively secure with security.debian.org and shutting down redundant stuff and such. But even many of those people are not willing to switch to Open Source on desktop.
As I see it. Linux IS decent desktop OS too. If you pre-install Gnome or KDE or pretty much anything else for someone, they will be able to use it. My girl-friend has no trouble at all with my wmx-based desktop, after about 2 minutes of briefing. But the thing is, once things get nasty on Linux desktop they often need even MORE experience with the OS than when running a server.
Once you have to touch the command-line, it can be a pain before you get used to it, but finding the relationships between the nice GUI and all the scripting and configs and stuff, is even more so.
No flames though, this is getting better all the time, I think, but the fundamental nature of UNIX as opposed to Windows seems to make UNIX easier for someone who knows what he's doing (like sysadmin or developer) while Windows is still easier for my mother, which unfortunately might have to mess with the network settings to read her mail, even if somebody assisted her by phone.
I'm currently doing a toy desktop OS with the idea of trying to combine the ease of use, even when going to system levels, with easy to develop with API, and strong security.. then again, don't hold your breath =)
Re:Ubiquitousness doesn't explain MS vulnerabiliti (Score:3, Interesting)
I realise that the sysadmin comment was facetious, but you *did* say flame away ;)
Yes, realistically, linux *IS* harder to learn than windows (learn, not neccesarily use). However, if you will settle for *only* using a windows-like interface, mandrake and lycoris are pretty damn accessible. Windows (in the easy-peasy sense of the word) is a *user's* operating system. Sysadmining isn't just point-and-sneeze in windows either.
Re:Ubiquitousness doesn't explain MS vulnerabiliti (Score:3, Interesting)
What does that article say? It says "Based on the number of vulnerabilities announced in 2002 that affect operating systems..."
Now, either I'm an idiot or that article is basing its results on REPORTED VULNERABILITIES. Might the number of reported vulnerabilities have something to do with how hard people ARE LOOKING FOR VULNERABILITIES?
The ONLY way to test the relative vulnerability of an OS is to do a thorough code review of each, or send experts on each into a room and ask them to find exploits (and both approaches won't even be that accurate).
Re:So what? (Score:2)
OS X and Linux have their fair share of holes but they are generally patched faster and those patches don't have to come in this crazy "Service Pack" form of update that fscks your system.
As opposed to... (Score:5, Funny)
As opposed to now, when all the good stories getting pushed off the front page by reposts, you mean?
Re:So what? (Score:5, Funny)
Gotta leave room for all the articles about toasters modified to run linux and whatnot.
Re:So what? (Score:3, Interesting)
If as many people tried as hard to find security holes in OSX or Linux, there'd be reports for those daily as well.
There are as many people. Only with respect to Linux, they tend to be the developers themselves. Thus, the problems are usually fixed before the official kernel (or whatever other product) is released.
Not only that, but if you fall victim to a security breach in an unstable or development version of a product, you were probably warned. I have yet to see an unstable or development release that did not include something to the effect of: "Don't use this if your data is particularly valuable to you."
It's different with products from companies like Microsoft and Oracle, because we are almost always talking about "stable and complete" products.
Open-source vs. Microsoft security? Apache vs. IIS (Score:5, Interesting)
It doesn't matter how many users it has because they users won't be looking for security holes in the first place. So if you put 10 Windows users in a room, none of them would know much about these things. Putting 10 Linux users in a room, and you increase the chance that you'll find a real hacker. I'm a Windows user myself, so I'm not trying to sound like an elitist bastard. I haven't even uncovered any security holes in my life.
But it is difficult to determine this case, as there are a lot of questions and too few answers.
Let us instead look at a piece of software where the numbers are reversed - where Microsoft's product has only a small part of the market.
I am talking about the open-source Apache HTTP server, vs. Microsoft's IIS.
Apache has 60-70 per cent of the web server market. IIS has less than 30 at the moment. Yet, despite these figures, Apache has had far fewer known security issues than ISS. How does this fit with your question? Obviously, there are a lot more eyes on Apache due to its large market share?
So how does IIS come out so crappy when it comes to security?
I think we can come to the conclusion that your "it's not as frequently used so very few are looking for security holes"-like statement simply does not make sense. It is a myth. FUD?
Re:Open-source vs. Microsoft security? Apache vs. (Score:4, Insightful)
I had mod points and was going to use them in this forum... but I just couldn't resist replying to your post because there just simply isn't any foundation to your claims.
The only thing that Apache lacks (and it doesn't anymore) is a good GUI configuration tool. Personally though, I always liked the direct editing of the config file anyway. I still do that even though the GUI is a very nice addon. I am not saying that IIS sucks and I am not saying that Apache is the coolest thing since sliced bread... all I am asking is for you to back up claims like that with real facts.
On another note. You might want to consider adding <br> tags to your posts when you want a new line. Makes it easier to read.
Best quote from the article (Score:5, Funny)
Now I can't get that song out of my head!
Ashcroft and Ridge need to know (Score:3, Funny)
Quick, make sure both Ashcroft and the Department Of Homeland Posturing know that anybody whistling Jimmy Crack Corn needs to be tackled at the knees!
Re:Second best quote from the article (Score:4, Funny)
Since when has accuracy been a concern to the editors at Slashdot?
Holy shit! (Score:5, Funny)
Re:Holy shit! (Score:4, Funny)
Yeah, I think the pigs are none to pleased about flying around and smacking into buildings. And I heard there was a mistaken delivery of 10,000 colocation air conditioners to hell...
Re:Holy shit! (Score:3)
by Anonymous Coward on Wednesday February 26, @04:41PM (#5389964)
"Can anyone who can't spell competent be regarded as an authority on the subject?"
Can anybody who isn't capable of registering with Slashdot be regarded as an authority on competency?
Nah, don't focus your resume on this... (Score:2)
I hate to say it.. (Score:5, Insightful)
.. but he is right about the physical security. Not long ago I walked a client several hundred km away through an OpenBSD boot via floppy so he could change his forgotten root password. I don't hear the masses screaming for Theo's head because this is possible.
Re:I hate to say it.. (Score:2)
As I said in a previous comment [slashdot.org], once the rumour gets out there, it will hit the media.
Re:I hate to say it.. (Score:3, Interesting)
Somewhat longer ago, maybe 10 years back, I was part of a small team running a booth at a trade show. The booth next to us had a couple of guys who had puzzled looks on their faces, so two of us walked over and asked if there was a problem. They had a Sun workstation that they couldn't get to work because nobody knew any passwords. I reached over, rebooted it into single-user mode, changed the root password to something they knew, then did a full boot, and handed it back to them.
The first thing one of their guys did was to change the root password again. And he didn't want us to watch the keyboard while he did it, so we couldn't see the password. We just looked at each other and walked off, trying not to laugh in their faces. "Uh, dudes; you just missed something important."
A couple of years later, Sun added the ability to have a single-user password, so our neighborly helpfulness no longer works. I wonder what a Sun customer does now if the only person who knows a machine's password is squished by a semi? Junk the machine?
There are some pretty silly "security" discussions going on.
Re:I hate to say it.. (Score:2, Insightful)
I believe that all vendors need to consider physical access issues. OpenBSD has made a start, in the sense that you can at least disable the vulnerability to which you refer. I would like to see Microsoft make some progress as well. I'm not going to run around screaming that the sky is falling, but I will take note of the vulnerability, and as a customer, I will let my vendor know that I would like a solution.
Re:I hate to say it.. (Score:5, Insightful)
Re:I hate to say it.. (Score:3)
In order to use the recovery console, you have to boot the machine, and make it read the CD-ROM or a floppy. The BIOS should prevent that.
For the record, I don't believe that just because physical access guarantees software access, I shouldn't worry about physical access. I have a bootloader password, and a recovery password. My BIOS is passworded and will only boot from the hard drive. Yes, this will prevent casual attacks. It will slow down real attacks. But it won't completely eliminate them, and that is what administrators have to know.
Re:I hate to say it.. (Score:3, Funny)
win2k console? (Score:5, Informative)
And all it allows you to do is copy files around. Whoopty do. Pop in a linux boot floppy with ntfs support and do the same thing, only easier (because the win2k recovery console doesn't support wildcarding; lame.)
Re:win2k console? (Score:2, Insightful)
I thought that one point that was made was that you could use the win2k recovery console on XP without having to reboot it. That is at least slightly different.
If any user was in possession of this recovery console, he or she could defeat the XP's multi-user environment while XP is still running. Moreover, it proves that it is possible for someone to design a tool that effectively bypasses XP's multi-user security *without* having to boot into a different OS and mount partitions from there.
Obviously, the risk is not as bad as some articles depicted, but it's not a non-issue either.
Re:win2k console? (Score:2)
That would be very bad.
Re:win2k console? (Score:2)
Too many idiots. (Score:5, Insightful)
Once the general populace knows about a problem, the media has to say something, because how would it look if they didn't report on a new trend? Suddenly everybody "knows" about the problem, even though it does not exist.
No, the problem is Microsoft (Score:3, Insightful)
Re:No, the problem is Microsoft (Score:2)
So... (Score:5, Funny)
(comment to be taken lightly. Should irritation persist, chill.)
Re:So... (Score:2)
Hmm. Whoever modded this comment as "Troll" probably didn't read the article.
The article basically says that the vast majority of Windows config stuff is in the Registry. The Registry cannot be read from the console. I think it's because it's binary, I've tried to do it before and no luck. So you really can't do a whole lot but dump files to a floppy or something with this console.
If the dude with the mod points had read the article, he probably would have found the comment rightfully amusing and not 'trolling'.
Re:So... (Score:3, Interesting)
No, I don't think so. I had the registry in Windows 2000 go corrupt once because I had a power failure while it was in the process of shutting down. Basically, the Registry was being edited and I guess the file didn't finish writing. I installed another instance of 2k in order to try to recover what I could, but I couldn't get Regedit to do anything but work on that installation's own Registry. What you're suggesting might work if somebody wrote their own Registry editing app.
"Unless the registry is actually encrypted, I don't see any real advantage to having it in a non-human-readable format."
It's in binary format, not in 'non-human readable' format. To be honest, I'm not sure why MS does it either. I would guess that there's an advantage of using a binary format over text format. Space maybe? If the registry is big, Windows is slow. Wish I could figure out how to compress the registry.
Anyhoo, this is all besides the point. If you have physical access to my computer, all you need to do is install another instance of Windows 2k or Xp and you have all you need to mess around with the files on it. You might even be able to recover passwords etc that way, not sure. It *would* be detectable though, unlike a CD boot.
In any case, this doesn't seeem like a huge security hole to me.
Re:So... (Score:3, Interesting)
(boot sequence)
Windows has detected an error in the system registry and is now restoring a previous backup.
Registry fixed. The computer will now reboot.
(boot sequence)
Windows has detected an error in the system registry and is now restoring a previous backup.
Registry fixed. The computer will now reboot.
(boot sequence)
Windows has detected an error in the system registry and is now restoring a previous backup.
Registry fixed. The computer will now reboot.
Re:So... (Score:2)
Re:So... (Score:5, Interesting)
Your choices after that boil down to - restoring from a backup registry and praying that it works, or reinstalling. The recovery console is a joke and a last ditch effort. The only times I've required it are when I foolishly marked my temp folder as encrypted and a service pack used it before peppering my system32 dir with encrypted files and during recent filesystem data corruption. On neither occasion was it particularly useful and I was sorely pushed each time to recover to a working system.
At least Unix gives you a fighting chance since configuration files are all individually named and occupy different places on the disk. It is quite possible to identify the precise problem and fix it if necessary. Those files might be messier, but at least its easy to back them up (since they're not 'live') and *much* easier to restore them. It is my opinion that the registry is quite possibly the most awful things about Windows, even before considering the mess of registry keys it actually contains.
WRONG! (Score:3, Insightful)
Actually, it is CRITICAL in one aspect.
If Avaya's security consultant Ken Pfeil is correct when he said:
"If the system is a member of a workgroup and not a domain, you can just change the user's password that the file was encrypted under," Pfeil said. "Then you can log on as that user having access to the encrypted file."
Then EFS is useless in the standard configuration for protecting hard drives. Specifically, hard drives on LAPTOPS, which frequently get stolen.
Most likely this is an IMPLEMENTATION issue, though, and NOT a "hole" in XP. It sounds like the certificate/key used for EFS is stored on the drive, and the password for it is tied to the Workgroup/Domain password. The certificate/key really needs to be stored on a USB key or other removable media, so it can be kept separate from the system.
Encrypting files/folders/partitions on hard drives is supposed to guard against exposure EVEN WHEN CONTROL OF THE SYSTEM IS COMPROMISED!
Case in point -- laptops. What is the point encrypting data on the drives if when stolen, the machine can be consoled and the password changed, opening all the files?
I do not know if you can move the certificate/key off to removable media. If you can, like I suspect, then it is an implementation issue and not a "hole". If not...
You are right in that it was overplayed as a major catastrophy, though. For almost all other cases, if you've lost control of the hardware, you're screwed.
-Charles Hill
Re:WRONG! (Score:2)
This has been known for "some time now".
Re:WRONG! (Score:2)
Re:WRONG! (Score:2)
To Quote Dr. Evil: Riiiiiiight. Who do we know that schleps a laptop around and has to pop in a floppy or USB keyfobb in to access their files who isn't going to leave that device with their laptop? I'll grant you that keeping your security keys on your 'real' keychain with a USB keyfobb is moving in the right direction, but the people that get those nice expensive laptops many times can't even be bothered to enter their password when the machine boots up / wakes up. You show me a CEO that could be persuaded to do what you're asking and I'll eat my socks.
Re:WRONG! (Score:2)
Re:WRONG! (Score:2)
Re:WRONG! (Score:5, Funny)
After seeing WinXP in action, I would tend to agree with the Win2k disk on its assessment...
Re:WRONG! (Score:5, Informative)
Problem is, we're talking about Windows XP, so Mr. Pfeil is wrong.
Assuming one can get Admin access to the installed OS (re-installing OS destroys access to EFS-protected files), resetting the password on WinXP in a Workgroup (as opposed to changing it) destroys access to DPAPI-protected keys, and hence access to EFS-protected files.
Win2000 EFS is vulnerable to this sort of attack, but not WinXP.
With WinXP, an attacker should endeavor to crack the user's password rather than change it to a known value. Even so, this attack can be mitigated by a) using strong passwords, and b) using SYSKEY to protect the SAM from offline attack.
Other notes:
1) EFS was principally designed to protect data when the hardware has been compromised, so the premise of this whole comment is wrong.
2) EFS is one layer of defense-in-depth. It should be combined with strong passwords, SYSKEY, and proper recovery key management.
3) Windows XP Key security is discussed here [microsoft.com].
4) EFS does not support keys on removeable devices as of WinXP.
No, You're Wrong! Learn Here Grasshopper! (Score:5, Informative)
In a domain, the Administrator account for the forest root domain is the recovery agent. Additional recovery agents can be assigned through the domain group policy object. The certificates are self-signed if no CA (Certificate Authority) is configured. Any recovery agent should export the private key to removable media and lock it up in a secure place and keep another secured copy off site. Delete the copy from the forest root's first domain controller.
On a stand alone server or workstation (Not a member of a domain), a self signed certificate is generated for use and the local Administrator account is the recovery agent. The private keys for the administrator and your own user account can be exported to a floppy or other removable media and deleted off the computer. Another copy should be kept in another secured location in case the first gets burned down, stolen, corrupt, etc. Make sure the floppy isn't in the laptop carrying case, otherwise, the theif will have your private key when he takes the whole bag.
Another important thing to note is that the document is decrypted in memory and a clear text copy isn't put on the drive. A hacker going through your drive, looking for deleted temp files will be wasting time. If you want to be extra paranoid, configure windows to clear the page file at shutdown.
For more reading:
Click Here [microsoft.com]
If you really want to learn this stuff, read this book. I found it to be extremely educational and was the only book to explain certificate server to me effectively.
Click Here [amazon.com]
-Lucas
Windows NT and 2000 MCSE
Re:Recommendation (Score:2)
Actually, EFS *might* be fine. And, PGPDisk *might* have the same problem, if implemented the same way.
What I recommend is the same thing the PGP/GPG people recommend -- keep your secret key on a removable device. For a laptop, something like a removable USB key. They are starting to get cheap, and you don't need a ton of memory. You can get a 32 Mb "pen drive" at BestBuy for $30.
Are u kidding? (Score:5, Funny)
Jornalistic integrity? Man which world do you live in?
Re:Are u kidding? (Score:2, Funny)
-- From everyone's favorite news outlet, The Register [theregister.co.uk]
Amen (Score:5, Insightful)
I have nothing to worry about.
Re:Amen (Score:2, Informative)
something personal? (Score:2)
I'm not, or at least I don't understand his passion and personal defensiveness. So a few blow hole Windoze rags got all excited? Could it be that those rags got upset because they actually think Microsoft "Security" is improving just like Bill Gates says it is? Why is Tim Mullen acting so offended? He wrote much of the article in the first person, using "I" no less than sixteen times. "Give me a break", he cries, "When banner ad revenue for a media outlet becomes more important than accuracy, it's time to find a new profession. " Is someone putting undue pressure on poor Tim? Like a major spnsor looking for damage control?
Others are pointing out that Tim might have gotten the bit about "administrator" access wrong and that's important. The administrator may have control of tools that conceal his presence in a way that makes it easier to alter the system. Undetected system alteration is more damaging than simply digging up data. It gives the perpetrator access to data present and in the future undetected. That's far worse than stealing a hard disk and a good reason to take the five minutes (typical M$ efficiency!) to boot that way. It also justifies the use of the W2K boot disk over a Linux disk, though it's nice of Tim to portray Linux as the ultimate cracker tool. The only thing worse than no security is security that impeeds and lulls the user but aids the cracker.
"What, me worry?"
who doesn't want this? (Score:5, Insightful)
No recovery console does not mean to bypass the password set by the administrator. It means to recover data that has been lost due to reason "foo".
While I don't see it as being that big of a deal, you could do it w/any OSs bootdisk I suppose (or even a LILO prompt on a Linux machine) I think it is an odd bit of information that should be known.
Re:who doesn't want this? (Score:2)
wow, I got to find password to my first account.
as sucker IS born every minute.
Media exaggerates! Fear at Eleven! (Score:5, Insightful)
Ignorant and afraid of terrorists? Watch Fox News.
Ignorant and afraid of hackers? Read Wired, or WinInformant.
Maybe we should be afraid of ignorance, instead.
Sounds like a really useful tool, (Score:5, Funny)
Re:Sounds like a really useful tool, (Score:2)
I found this part interesting (Score:3, Insightful)
Although the last part about whipping arouses me in a peculiar way, I'd much rather see Larry Ellison's claims being dissected and put into context. Sure they are a marginal player in most markets, but in the enterprise application business they really advertise aggressively and not so truthfully.
Seeing the tech press just relaying a story like this only confirms the notion that there are no journalists that understand tech, and no techies that understand journalism.
Oracle Bug Double Standard? (Score:5, Insightful)
In contrast, I know SQL Slammer was reported day-of. In this case, a free patch was available six months prior to the worm. And let's face it: if the patch is available but not applied, it's not Microsoft's, Oracle's, Linus's, or any other vendor's fault--only the SysAdmin in question.
One major difference was that SQL Slammer took out several networks, where Oracle did not have such impact.
To \.'s credit (and I'm going mostly off memory), but big critique was on the DB admins, not on Microsoft.
Re:Oracle Bug Double Standard? (Score:3, Interesting)
Not even MS keeps up with their patches so who are they to fault sysadmins for not doing the same..
Re:Oracle Bug Double Standard? (Score:3, Interesting)
Well, that all comes down to the basic tenants of unix. [camalott.com]
1: Use text files. Easier to manipulate and edit.
2: Make evry program simpele minded so the next stupid program can take over..
Chances are if something actually does break, you can easily regress because you know that programs dont squash each others' feet. You just back up the new configs, replace the old configs, and replace the old program. All in all, it isnt that hard at all.
In the MS world, things bumble over each other, configs are kept in a hard to control place (registry), and regressing certain server software is darn near impossible, without backups. Things are almost guaranteed to break in patches cause they usually add stuff in patches. Then the new+old stuff breaks. MS software is made easy for a limited set of users. Any user who "doesnt want it that way" has to hunt on Microsoft.com or call them up (heh). And chances are, there's bugs to prevent "that way".
Finally! (Score:5, Insightful)
And the fact that you can use the Win2k boot CD to log in without a password isn't a bug, or even a security hole, it's simply the fact that MS didn't require a password to use the Console in Win2k.
What do the critics want MS to do? Recall and patch every single Win2k boot CD?
does this mean (Score:2)
if so, it is an issue. espionage is a serious threat.
Re:does this mean (Score:2)
I guess if you really thought about it you could, but there are so much easier ways of doing it.
Re:does this mean (Score:2, Interesting)
It all boils down to... (Score:5, Insightful)
Re:It all boils down to... (Score:2, Insightful)
So you need access to our building, access to my server room, know the pin to the alarm system and know a user and password on the kvm.
If we wanted we could go farther and disable booting from floppy or CD and set a password on the bios and lock the rack door, but the first 4 layers seems to be enough.
That article is totally correct.
Re:It all boils down to... (Score:2)
ten-et (n):
An opinion, doctrine, or principle held as being true by a person or especially by an organization.
Re:It all boils down to... (Score:3, Funny)
We had a server come back to us for maintainance one time, and as I was picking thorugh the registry, I came across the entries for Diablo 2. Now, it occured to me that Diablo 2 generally runs in full screen mode, so how exactly was the guard monitoring the security system while playing?
Moreover, why in the world did the guard have access to the CD-ROM drive? There is no need for him to have it, the box itself should have been locked up, with the cables for the keyboard, monitor, and mouse coming out.
In the end, I sent the system administrator an email asking him to tell the guards to leave the game files on the system next time they send it in, so that I can play while I work. (They had deleted the files) Never did get a response, but I imagine that the SysAdmin wasn't happy.
No hole. (Score:5, Informative)
People fear the Internet and what a hax0r could do to their PC, but (as this article proves) give me physical access to your machine and I could do more damage to you than 99.999% of crackers ever possibly could - and that's only because I'm not enough of a bastard to [root@localhost
-Mark
I've. Been. Deceived. (Score:2, Funny)
This is too much. Let's hope it's not the start of a trend. Thank God I didn't subscribe.
Plausability Through Repetition (Score:2)
Microsoft has a history of having gaping security holes in their software. in this instance, a reported bug wasn't what it was made out to be. but I'm sure I'm not the only person who thinks that Microsoft and Security Flaw are nearly synonymous.
sweatyb
Tarnished Brand (Score:3, Insightful)
It depends. . . (Score:2)
What this means is that for servers, being able to elevate ones security level, even for people with access to the box, is not a good thing.
Re:It depends. . . (Score:3, Informative)
I've seen one PC based O/S do this correctly. OS/2. Don't laugh, but I learned the hard way one weekend at a finacial services firm. It seems the OS/2 HPFS386 (comes with OS/2 server) driver uses a combination ACL+Hardware code to encrypt the drive. We were upgrading an old server to a new one and just moved the data drive over to the new box. Nada, zilch, nothing. The computer saw the drive but none of the contents. It didn't matter what we did, (rescue disk, etc.) we couldn't see the file system.
To make a long story short (what was supposed to take two hours took eight), we had to put the drive back into the original box and run a special administrators tool (separate locked away disk) to remove the ACL's from the file system. Only then could we move the drive to the new server and re-apply the ACL's. Not a fun weekend.
Enjoy,
So what? (Score:5, Informative)
Are there any administrators out there that actually want a machine that is so secure that you can't get into it if you forget the password, even if you have physical access to the box? "Sorry. I can't remember the password to the file server so everyone's work had to be deleted. Have a nice day."
Straight from the horses ..... (Score:4, Insightful)
Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore. [microsoft.com]
I wonder if we could
Re: (Score:5, Informative)
This is desired administration behavior. The Win2k disc can't deal with the WinXP registry properly, so it goes straight to recovery mode. Recovery mode is pretty much useless to begin with, and you can't really do anything to a system in recovery mode
Besides, if you can physically walk up to the computer in question and boot it from a CD in your pocket, your security problem doesn't come from Windows - it either comes from a BIOS that doesn't support changing the boot order, or it comes from between your ears.
Re: (Score:2, Insightful)
Re: (Score:2)
This is only useful assuming that your BIOS is password protected AND/OR the person doesn't have physical entry into the case thereby allowing them to zap the BIOS parameters.
Re: (Score:2)
this is the kind of hole that people who perform espionage love.
Stealing a machine might make you a few hundreed dollars, getting usefull information on an regular basis is what will get you hundreds of thousands of dollars.
Re:Surprise! (Score:3, Informative)
So what's the deal? You see an article with "Windows" or "Microsoft" and "hole" or "exploit" or "fundies" and you automatically hit reply and type in some snively childish remark to whore some karma? Or are you just plain bored?
Re:Ummm... (Score:2)
Re:Ummm... (Score:2)
It's nice to meet someone around here with a sinse of humor. Welcome to my friends list!
Re:Tim Mullen (Score:3, Informative)
http://www.securityfocus.com/columnists/127 [securityfocus.com]
Re:Tim Mullen (Score:2)
I wonder if eating bytes makes you fat, because he must be eating his own words right now.
Re:Tim Mullen (Score:2)
Re:Tim Mullen (Score:5, Insightful)
I believe the rational way to view these types of articles is to look at what they're saying and actually stop to think about it, rather than flying off on blind tangents about bias. While it may be true that the author often defends Microsoft for whatever reason, this particular article is based on solid points that make a very compelling point on this specific issue.
Re:Tim Mullen (Score:3, Insightful)
If this were the worst "issue" with Windows security, nobody would use anything else. Nobody.
In my opinion, this issue isn't on the panic scale at all - it's on the "everyone that's worried about it is a fuckwit" scale, weighing in right around 9.5.
This article has nothing to do with being a windows apologist. This issue effects essentially ALL pc operating systems. Just last week i floppy-booted my openBSD machine because i forgot the root password, then changed it. Where is the media frenzy ? Where, as another posted pointed out, is the get-theo-lynchmob ?
AFAIK it's easier to totally circumvent ANY pc unix machine with a bootfloppy (unless its configured specially) than it is to use this recovery console trick to do anything of gain to a windows machine. what a fantastic showing by microsoft if this is worthy of harassment.. because the message is "you handle something marginally better than all other currently widely used OSes"
Listen, this is slashdot. It's ok (expected, even!) to hate windows and microsoft. But to be really effective, you should pick something worth being angry about. And if you can't find anything better to get concerned with than this, you really don't have much justification for concern at all (and you don't have much of a justification to comment on the matter, either)
Re:Tim Mullen (Score:5, Insightful)
I've just found a huge bug in Linux security! If you boot from a Linux boot disk, then you can mount the hard disk and read files off it! Linux security all over the world is compromised! No server in the world will ever be safe again!
Oh, and anyone who disagrees with this, or tries to use some kind of 'logic' or 'rational argument' to disagree is a Linux apologist.
Actually, this 'hole' is worse the one in Windows. Windows config data is stored in the registry, which is binary and so is much harder to manually edit than the plain-text files in /etc/ on a Linux box.
Re:Tim Mullen (Score:3, Interesting)
In other words...
"Since his comments are not anti-Microsoft enough you shouldn't listen to him, because it's more important to blame Microsoft than be right."
This is why I post to slashdot, to correct morons like this, and for that I am called an astro-turfer.
Re:Tim Mullen (Score:2)
Actually the way I read the statement was that if it WERE a Microsoft driver that hosed the registry, then you'd be hosed. Period.
Re:How to fix M$ security holes!!!11 (Score:2)
Step 3: boot from any Linux boot disk, because this entire thing presupposes you have physical access to the machine, and the floppy is bootable.
Step four: Mount the physical disks.
Step five: do whatever you want to the data.
Re:How to fix M$ security holes!!!11 (Score:2)
Re:Bzzzt (Score:2)
Re:I certainly do. (Score:3, Interesting)
They get Halloween and Christmas confused, because 31 OCT is 25 DEC.
(31 OCT would be 19 HEX)
Re:What do I care? (Score:5, Insightful)
So you're all for more articles making a big deal out "security holes" that aren't "security holes" at all?
Ever heard the fable about the boy who cried wolf? You should not support Microsoft-bashing for the sake of Microsoft-bashing when there's nothing behind it, it only lowers your own credibility. Focus on Microsoft's real problems.