snakeman21
July 25th, 2009, 06:05 AM
So I was talking to a friend at work today who is a Windows user, and we were talking about him keeping his seventeen-year-old son off his computer. This conversation strayed into general computer security, and he told me that he knew about how most people don't know about the hidden Admin account on Windows that is only accessible through Safe Mode. He was confident that his computer was secure, because he put a password on it. I told him no, his computer was NOT secure just because of a password. (Keep in mind that we're not talking at all about network security, just physical access to the computer.)
Any, he asked why, and I said that there were many ways to get through such passwords, such as password crackers. He had never heard of such a thing, and asked if I could come over to his house after work and help make him more secure. I said sure.
So I went over, and first demonstrated how someone could use Ophcrack via Slitex from a usb stick. He was shocked when his password was cracked in seconds. I said he could avoid this by making his password longer than 14 characters. We did this, and I demonstrated that Ophcrack would not work on such long passwords. He said, "So I'm safe now, right?" I was about to tell him yes, when I remembered about running Linux from a flash drive to access the hard drive of a computer. So I plugged in my flash drive with a persistent Jaunty installation and showed him how anyone could do that and mess with his hard drive, stealing and/or deleting crucial files. I told him this could be prevented by setting up a bios password, which would prevent the computer from booting anything until said password was entered. But then I thought, what if someone just opened the case and power-cycled the cmoss battery? That would reset the password!
I had never thought about all these things together before, and I came to the realisation that I, even though I am far from being an expert, could get into anyone's computer illegally. Is this true? Can anyone with a simple knowledge of computers get into my system in a matter of minutes when I'm not around? Or is there a level of security I'm unaware of? It really makes me uncomfortable, seeing as though anyone with a live usb or cd could instantly bypass any security measures, as long they knew how to power-cycle the battery.
Are we really this vulnerable???
Any, he asked why, and I said that there were many ways to get through such passwords, such as password crackers. He had never heard of such a thing, and asked if I could come over to his house after work and help make him more secure. I said sure.
So I went over, and first demonstrated how someone could use Ophcrack via Slitex from a usb stick. He was shocked when his password was cracked in seconds. I said he could avoid this by making his password longer than 14 characters. We did this, and I demonstrated that Ophcrack would not work on such long passwords. He said, "So I'm safe now, right?" I was about to tell him yes, when I remembered about running Linux from a flash drive to access the hard drive of a computer. So I plugged in my flash drive with a persistent Jaunty installation and showed him how anyone could do that and mess with his hard drive, stealing and/or deleting crucial files. I told him this could be prevented by setting up a bios password, which would prevent the computer from booting anything until said password was entered. But then I thought, what if someone just opened the case and power-cycled the cmoss battery? That would reset the password!
I had never thought about all these things together before, and I came to the realisation that I, even though I am far from being an expert, could get into anyone's computer illegally. Is this true? Can anyone with a simple knowledge of computers get into my system in a matter of minutes when I'm not around? Or is there a level of security I'm unaware of? It really makes me uncomfortable, seeing as though anyone with a live usb or cd could instantly bypass any security measures, as long they knew how to power-cycle the battery.
Are we really this vulnerable???