Possible Security Issue in Windows XP
This last weekend I needed to change the password on my aunt’s laptop running XP. I called a buddy of mine because he does this kind of stuff alot and informed me that if it was an XP laptop that I could boot into same mode, login to the Administrator account which by default in XP has no password and then go to the account manager and update the password for her account that way. I was stoked this took me no time at all, but the last time I had to do this it required booting into the windows install disc and it was kind of pain (as I would expect it to be). But it seems like any system that you pickup that has the administrator password blank is a bit of a security issue. I always set an administrator password when i used a PC (mostly because I always logged in as the Administrator), but i would doubt that most people setting up a system they got from best buy, hp, even dell would not think to setup an administrator password if they don’t use that account.
In OS X if you want to even use the root account you have to enable it in preferences and it forces you to set a password. That is a bit better on the security side of things I think.
This last weekend I needed to change the password on my aunt’s laptop running XP. I called a buddy of mine because he does this kind of stuff alot and informed me that if it was an XP laptop that I could boot into same mode, login to the Administrator account which by default in XP has no password and then go to the account manager and update the password for her account that way. I was stoked this took me no time at all, but the last time I had to do this it required booting into the windows install disc and it was kind of pain (as I would expect it to be). But it seems like any system that you pickup that has the administrator password blank is a bit of a security issue. I always set an administrator password when i used a PC (mostly because I always logged in as the Administrator), but i would doubt that most people setting up a system they got from best buy, hp, even dell would not think to setup an administrator password if they don’t use that account.
In OS X if you want to even use the root account you have to enable it in preferences and it forces you to set a password. That is a bit better on the security side of things I think.
December 7th, 2007 at 11:28 pm
Hey - Just wanted to point out that OS X has a similar ability:
If you hold Command+S at startup, it boots you into single user mode, aka root with no password. This single user mode is there for things like forgetting passwords, and fixing the system before you’re forced to do a complete reformat. If you want to disable this, just put an Open Firmware password on your computer by using a utility on your OS X install disc if you have administrator permissions. That disables single user mode and fire wire target disc mode completely — and if you want to boot up using a CD or boot camp you have to enter your password after you hold down option at boot up. You can also get rid of the firmware password later on to restore any of those abilities.
Hope you find this interesting.