“A security consultant based in New Zealand has released a tool that can unlock Windows computers in seconds without the need for a password,” Asher Moses reports for The Sydney Morning Herald.
“Adam Boileau first demonstrated the hack, which affects Windows XP computers but has not yet been tested with Windows Vista, at a security conference in Sydney in 2006, but Microsoft has yet to develop a fix,” Moses reports.
MacDailyNews Take: Give Microsoft a break; they were very busy at the time artificially plumping Intel’s numbers while covering their own inefficient, bloated code deficiencies by slapping misleading Vista-capable stickers on POS PCs that were exceedingly Vista-incapable.
Moses continues, “Interviewed in ITRadio’s Risky Business podcast, Boileau said the tool, released to the public today, could ‘unlock locked Windows machines or login without a password … merely by plugging in your Firewire cable and running a command.'”
“Boileau, a consultant with Immunity Inc., said he did not release the tool publicly in 2006 because ‘Microsoft was a little cagey about exactly whether Firewire memory access was a real security issue or not and we didn’t want to cause any real trouble,'” Moses reports. “But now that a couple of years have passed and the issue has not resolved, Boileau decided to release the tool on his website.
Full article here.
@iLuvMyMacs,
BUT, it is much faster for a hacker to use this method than wait through an install.
I wonder if this could be used remotely if someone has a wireless hub attached (no subnet masking) via Firewire?
The funny thing about all the statements directed at me is that I am Apple everything at work and at home. iphone, macbook pro, macpro, macmini, itouch, Final Cut Studio, Logic Studio, cinema displays, new wireless keyboard, mightymouse. My kids all have ipods, my wife has a macbook air and iphone. And I sell, configure, and install NLE systems and XSAN configs.
I am an apple fan boy by definition. However, this site is ridiculously over the top with the snappy child like “takes” that go after anything non apple. Why bother calling it macdailynews? Why not just macdailyopinion or macdailyfanboy ? I get it apple pays the ad dollars, that doesn’t mean you need to interject ___into everything.
Can you imagine that a company would release system software that allows anyone free access to another person’s PC? That’s just ridiculous, that’s unforgivable, that’s crazy, that’s embarrassing,…
…that’s Apple Computer.
Careful, your thread ought to make Mac fanbois crap their skivvies while they stutter out some incoherent gibberish about OS X superiority over XP and Vista. If your Mac isn’t secure from intruders who cares about elegance and productivity?
Does this mean I’ll have to keep all my important files on a portable drive and lock it in a vault each night? How and when do you think Apple will fix this mess?
Cool! There are a lot of Window apologists who read the sight. Must be closet Apple envy.
opie:
Being a Mac user does not mean I cannot criticize Apple’s gaffes and goofs. I expect more out of Apple than leaving an open door to my Mac, your Mac, or anyone else’s Mac.
In fact, because both XP and OS X are susceptible to mischief then one has to conclude that there are more similarities (i.e vulnerabilities) between both OSs than most Mac users would prefer to have. In other words, OS X loses it uniqueness as a superior OS owing to being similarly susceptible to same security breaches as a PC with Windows or Linux.
That sucks, but fanbois are too biased and too ignorant to comprehend the magnitude of this problem.
Go somewhere else. If you’re happy with what you use, why troll here? Is it a cry for help? Do you injure small animals? Why can’t you stay on your side?
I have a PowerBook, and one of the first things I did was put a password on the firmware. Therefore, even if someone tries to access your hard drive in Target Disk Mode, they need your password.
http://docs.info.apple.com/article.html?artnum=106482
And from skimming the article and his webpage, it seemed to me to be pretty Windows-specific. Can someone point out the line that explicitly says Mac OS X computers are at risk? Thanks.
The problem is that I have to work with Macs, and worse, macfanboys everyday. The more I deal with the fanatics, the more I dislike the mac.
It seems the computers most affect by this are Apple’s Macs running Windows through Boot Camp. Every Mac (except the Air) has a FireWire port. A good reason NOT to run Windows.
@lord robin: Just double checking. You can use the MacBook with the cover closed and a keyboard and monitor plugged in? The unit does not sleep when the cover is closed?
Not when an external monitor and keyboard is connected. Although it’s also neat to have two monitors at the same time – something the MacBook can and the mini can’t.
@lord robin: I was looking at getting a mini and using a KV switch at work with the Dell that they make me use. This would be a nicer solution, to be sure.
Definitely!
” width=”19″ height=”19″ alt=”wink” style=”border:0;” />
@No macs for me
Umm the person has to have physical access to my machine and that isn’t going to happen anytime soon I’m not that stupid. And even if they have physical access there is nothing on my machine that they would want but if they want to waste their time go right ahead be my guest. Thats what backups are for
” width=”19″ height=”19″ alt=”smile” style=”border:0;” /> I would still take firewire over usb for file transfer any day.