Someone Else

Robert Moir writes about Operating Systems, Computer Security and Virtualisation.

February 2007 - Posts

Warning - Administrators on your computer can hack your computer and gain administrator access.

Another contribution from Captain Obvious - I know Robert doesn't like Windows Vista much but the Captain just felt this example of user foolishness was too good to pass up...

There is a serious bug found in Windows Vista Ultimate, which allows the user to log in to a Windows Vista system without providing any credentials. It just requires the attacker to access the victim system for the first time. To gain access to the victim system, follow these steps.

1) Open the System32 folder of your Windows installation.
2) Copy Cmd.exe and Magnify.exe and paste them in two different locations, for safety purposes.
3) Rename cmd.exe to Magnify.exe in the backup location.
4) Copy & paste the renamed cmd.exe to the system32 folder; this asks about replacing Magnify.exe, just continue with replacing.

The Captain would like to point out that Step 4 requires you to be ALREADY logged onto the system you are attacking with administrator rights.

5) Now restart the system.
6) After restarting the system, the login screen will come up; now select the Utility Manager, which is at the bottom left of the screen.
7) Now check the Magnify check box to open Magnify.exe, but now this will open cmd.exe.

The Captain has just been advised by Lieutenant Deja-Vu that this is a re-hash of an old trick for breaking into Windows NT machines where one has 'forgot the password'. 

8) In the command prompt, just type explorer.exe; this will open explorer.exe and the desktop without logging in to the system. The user account provided for login is the system account, so you can do anything with the system.

You can also play with the Windows registry, services, user account changes, and deletion of user accounts, anything you want.

I don’t understand why Microsoft has failed to look into simple problems. This is the simplest way to hack Windows Vista, without any detailed hacking knowledge.

The Captain sez...

Arrgh! You already had admin access at step 4. You needed it in order to make changes to the \Windows\system32 folder as this is a protected part of the filesystem. If you already have admin access to the machine to complete step 4, why would you need to complete the rest of the steps?
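The Captain's point is that the only real control here is keeping non-administrators out of \Windows\system32; what a defender can add on top is a check that the logon-screen accessibility helpers have not been swapped. The following is an added example, not code from the original post: it flags a helper whose bytes are identical to cmd.exe (the exact swap described above) or whose hash drifts from a known-good baseline. The helper list and the constructed sample folder are assumptions.

```python
import hashlib
import sys
import tempfile
from pathlib import Path

# Logon-screen accessibility helpers to watch (assumed list; the post names
# Magnify.exe and the Utility Manager). Extend it to match your baseline.
ACCESSIBILITY_HELPERS = ("Magnify.exe", "Utilman.exe")

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_swapped_helpers(system32: Path, baseline: dict = None) -> list:
    """One finding per helper that looks replaced.
    Check 1: a helper byte-identical to cmd.exe is exactly the swap in the post.
    Check 2: given a known-good {name: sha256} baseline, any drift is flagged.
    """
    findings = []
    cmd_path = system32 / "cmd.exe"
    cmd_hash = sha256_of(cmd_path) if cmd_path.is_file() else None
    for name in ACCESSIBILITY_HELPERS:
        helper = system32 / name
        if not helper.is_file():
            continue  # helper absent on this build; nothing to compare
        actual = sha256_of(helper)
        if cmd_hash is not None and actual == cmd_hash:
            findings.append({"file": name, "reason": "identical to cmd.exe"})
        elif baseline and name in baseline and baseline[name] != actual:
            findings.append({"file": name, "reason": "hash differs from baseline"})
    return findings

def build_constructed_sample() -> Path:
    """Throwaway folder reproducing the swap; contents are constructed stand-ins."""
    root = Path(tempfile.mkdtemp(prefix="sys32_sample_"))
    stand_in_cmd = b"MZ constructed stand-in for cmd.exe"
    (root / "cmd.exe").write_bytes(stand_in_cmd)
    (root / "Magnify.exe").write_bytes(stand_in_cmd)  # the swapped copy
    (root / "Utilman.exe").write_bytes(b"MZ constructed stand-in for Utilman.exe")
    return root

if __name__ == "__main__":
    # Audit a real System32 path given on the command line, else the sample.
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else build_constructed_sample()
    for finding in find_swapped_helpers(target):
        print(f"SUSPICIOUS: {finding['file']} - {finding['reason']}")
```

On a real system the baseline is the hashes recorded from a known-clean install, and the check belongs in whatever integrity monitoring already runs as an administrator, since that is the privilege level the swap itself needs.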

The Captain has heard that if you get a Windows Vista computer and put it in your washing machine on hot rinse and a long spin cycle then neither the computer nor the washing machine will work properly afterwards.

This awful awful denial of service attack against both computers and washing machines world-wide is clearly the fault of Microsoft and Captain Obvious demands an immediate policy and a software patch to fix this bug.

Funniest... 419... ever...

Ok, maybe this was funnier. But still...

Explain to me again how people fall for junk like this?

HEINEKEN BOTTLING BEER COMPANY.
{blanking this bit},
{funny, the address is at Stamford Beach},LONDON,
{postcode}. UNITED KINGDOM.

"Heineken Light" Promotion Notification.

Dear Winner,
This is to inform you of the Award of One Million Great Britain Pounds Sterling (1,000,000 GBP) from Heineken Beer Company Promotions. This promotional award is to raise the profile of Heineken beer consumers males /females aged 18 to 65 in rural and urban centers

The online promotions build email lists were generated from the World Wide Web. This promotion takes place annually to challenge and to take market share from the popular Dutch import beer. The tactics included live events, local campaigns and general buzz to establish the brand one neighborhood at a time in major urban / rural centers

You as well as the other winners are therefore to receive a cash prize of One Million Great Britain Pounds Sterling (1,000,000 GBP), Your prize award has been insured with your e-mail address and will be transferred to you upon meeting the requirements, statutory obligations, verifications, validations and satisfactory report.

Your Email Ref Number falls within our European booklet representative's office in United Kingdom. In view of this, your award of One Million Great Britain Pounds Sterling (1,000,000 GBP) will be released to you by our payment office in United Kingdom, Our United Kingdom Promotional Officer will commence the process to facilitate the release of your funds as soon as you contact him. Find the contact details below;

Mr. Sydney Morning Herald
Heineken Beer Promotional Officer.
Email: heinekenpayoffice@{well known spam haven}
Tel: +44{gonna blank this too}

Water "may be wet", prominent water scientists claim.

And now a few words from my occasional co-writer, captain obvious.

"Home computer users who leave default passwords on network hardware unchanged could be at risk from attack say security experts." - the BBC, reporting on a Symantec / University of Indiana study.

Ummm. You think so, eh?

I'm really torn about this. Do I mock the obvious nature of the report, marvel that someone actually got paid to study this, as if the outcome was ever going to be in doubt, or do I pontificate on possible solutions?

In a turn-about from my usual response, I'll go for the latter. So what can be done here?

I suppose we could ask people to change their default router passwords. Of course, they might say "no". Or we could force them, and either watch them pick absolutely trivial passwords, or watch support costs soar as people lock themselves out of their routers, so we end up with a backdoor password needing to be installed to allow ISP or product support for these devices to fix the problem, and of course this password will get known... and someone else will be able to study the obvious problem this will cause and conclude that we should go back to how things are now. 

To prevent spoofing attacks, the BBC says that one of the report authors suggests editing the DNS settings on LAN workstations underneath the umbrella of a router so that successful attacks on the router need not always cause problems for end users.

This sounds nice, and perhaps isn't bad advice for people who are up to the task of finding a DNS server on the internet, setting their machines up to use it, troubleshooting the inevitable problems this might cause, etc. But I'm going to guess that the population of people who understand DNS and the population of people who understand why routers need a good password are likely to be very similar, and not contain many of the sort of people who need the most protection here.

In all seriousness, if your home network (let alone, God forbid, your business one) is using one of these routers, and it has a default password, you should go and change the password right now. Be sure to write it down somewhere safe and not stored on your computer if you think you might have problems remembering it. If you keep the box the router came in, or the receipt for the purchase, I'd suggest that these might be the ideal place for home users to make notes like this.

But as I've said before, normal people and "good password security" just don't mix. Perhaps it's time that the cheap USB storage devices that everyone seems to own 20 of these days were used as authentication tokens for things like this? 


Editor's note: Captain Obvious would like to thank his good friend Lewis Burgess for drawing the BBC article to his attention - Rob