digg

Facebook Connect Join Digg About
See the original image at techradar.com

Windows 7 Hack 'Cannot Be Fixed'

techradar.com 3KB of code is all that's needed to take control of your PC running on windows 7.

Who dugg this? Made popular Apr 24, 2009

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

155 Comments

show profanity settings
expand all
  • lithera, on 04/24/2009, -11/+210This "hack" requires you to have physical acces to the machine and cannot be done remotely. Which makes it that all bets are off really.

    If you have physical acces to a computer you can consider it compromised anyhow. No matter which os is installed on it.
    But I'm sure there will be a lot of Microsoft bashers who will love to hear this piece of non-news.
  • xmarkd400x, on 04/24/2009, -5/+88This is a non-story. Of course if you have physical access to a machine you can compromise it. Ever heard of a bootable CD or USB Drive?
  • geoken, on 04/24/2009, -2/+72So if a hacker comes over to my house and has free use of my computer he can mess it up. That's definitely a flaw in Windows.

    It's kind of like the flaw I just found out about in my car. Apparently Audi has no safe gaurds against a thief stealing my car by opening my unlocked door and using the keys I left in the ignition.

  • jman583, on 04/24/2009, -3/+64Dugg for being the only guy that commented and actually read the article.
  • ukblacknight, on 04/24/2009, -0/+48It amazes me the number of people that DON'T read articles! It clearly says that the attacker must be sat at the PC in order for this hack to work!

    I'm a Ubuntu guy, but don't start slamming Windows 7 because of this, its hardly a major flaw. I'd like to bet that Windows XP & Vista have much more severe flaws in their design than this.
  • MetalliMyers, on 04/24/2009, -1/+38The guy that made the hack says it can't be fixed. That doesn't mean it can't be fixed.
  • ukblacknight, on 04/24/2009, -2/+36If you bothered to read the article, you'll see that the attacker must be sat at your PC in order to do it, the headline made it sound much more serious.
  • ylikone, on 04/24/2009, -2/+30You are exactly correct. While I am a Linux user, I can't fault Windows for being vulnerable during boot up... if you have your CD/DVD rom set as a boot device on your computer, then ANY system can be compromised. The current media hype about this is just plain stupid and ignorant.
  • serp, on 04/24/2009, -0/+24I'm primarily a Linux guy myself but come on...
    If you have physical access to the machine then you won't need this "hack" to get whatever you want off it.

    Booting up a live cd and mounting the drives will work for both Windows and Linux.

  • cyrusuncc, on 04/24/2009, -3/+26thanks for nothing. It's not like this "hack" lets you get any admin privileges on the domain. This isn't much better than ntpasswd.
  • ylikone, on 04/24/2009, -0/+16I run Ubuntu... and it's great. But don't expect that your computer will magically be safe from people booting CD/DVDs in it because you run Linux.
  • geoken, on 04/24/2009, -3/+19Good idea since your password in Ubuntu is impossible to bypass.
  • smacksaw, on 04/24/2009, -1/+17Boot from CD-Rom
  • adml_shake, on 04/24/2009, -2/+16How is this overly defensive for windows? This is true for any machine running any OS. Linux, OSX, Windows, it doesn't matter. If someone gets physical access to it you don't wonder if someone has compromised it you assume that they have.
  • norman619, on 04/24/2009, -1/+14This "hack" requires physical accessto your system. If you can't trust the people you live with then I'd say you have bigger problems than your OS.
  • iopasd, on 04/24/2009, -1/+12Good luck with that
  • inactive, on 04/24/2009, -0/+10You can always use TrueCrypt to encrypt your hard drive.
  • tulizx, on 04/24/2009, -0/+9Read the article before jumping into the wagon moron.
  • K5Fury, on 04/24/2009, -4/+13No...what's scary is that you can change an admin password on a Mac with just an OS install disk. But then again, why would you hack into a Mac anyways??
  • zwaldowski, on 04/24/2009, -0/+9This type of hack can be done to any machine... it's a memory modification via USB that requires physical access.
  • paterade724, on 04/24/2009, -1/+9RTFA before you post
  • norman619, on 04/24/2009, -0/+8If someone has your laptop your ***** will be compromised given enough time and effort if the ***** in your laptop was worth the effort no matter what OS you use.
  • gingerboy, on 04/24/2009, -0/+8Non story - physical access to a PC = compromised!.....END OF ARTICLE!!!!!

    How has this been published/got to the front page of Digg?
  • natecope, on 04/24/2009, -0/+7If you're sitting at the machine, it's already compromised.
    This is by far the most uninformed piece of writing I have ever read...
    If TechRetard had any respect before, it has none now.
  • lizard450, on 04/24/2009, -1/+8Really this isn't a big deal. This has been the case from the dawn of the PC. If you have physical access to the computer you can boot with whatever OS you want from the BIOS and with a CD or floppy. Then you can access any file you want. Or you can steal the harddrive put it into another computer and presto same thing.

    So.. you have a few routes you can take.
    1. increase security regarding physical access to the system.
    2. encrypt the hard drive, if this hack works against an encrypted Windows 7 System then its a software issue and it CAN be fixed.
    3. rig your case such that if tampered with incorrectly that thermite will destroy your harddrive.
    4. rig your bios to detect unauthorized use and rig the thermite to go off in that case too.
  • norman619, on 04/24/2009, -3/+10I expected this kind of ignorant comment from you based on your past ignorant anti-MS comments.
  • geoken, on 04/24/2009, -1/+8Also, this exists for XP.
  • smacksaw, on 04/24/2009, -1/+7Well, I'm sure the developer community will get right on that and get a fix uploaded to the repositories right away.
  • inactive, on 04/24/2009, -0/+6It's really stupid and ignorant when someone says that something "cannot be fixed".

    Of course it can. It's code, it can be patched. It's not like some self-aware being that refuses to take its pills.
  • Laminarcissus, on 04/24/2009, -0/+6And for some reason I was expecting Digg users to read the article and only comment if they understood what they read.

    We're all ending up disappointed today.
  • moxley, on 04/24/2009, -0/+6Lame fearmongering over a boot scenario... because people who aren't very technically literate will read the headline and think "oh, Windows 7 is insecure and already compromised.."

    But this is a boot hack that requires you to have physical access to the machine - and if I have physical access to a machine I don't care what kind it is, sooner or later I could get to the contents on the drive, in 99% of cases quite quickly, via removing the drive, or a boot disc - and the only thing that would stop someone from reading that data is if it's encrypted - but this is such a non-issue because if someone who wants to hurt you or rip you off has physical access to your machine then youre ***** already..
  • alanic, on 04/24/2009, -1/+7do you guys think your xp box can't be compromised by someone with physical access to it?
  • anklebiter, on 04/24/2009, -0/+6Buried for calling an exploit that requires physical access to the machine a "hack".
  • lazlonger, on 04/24/2009, -1/+6Except that this "vulnerability" is true of all OS's. If you leave your front door open and allow criminals into your house, they WILL take things and mess you up. Why is this so hard for people to understand?
  • Zyphron, on 04/24/2009, -0/+5Easy:

    1. Search on Google
    http://www.google.com/search?rlz=1C1GGLS_enUS291US ...
    2. Follow Instructions
    http://forums.cnet.com/5208-10149_102-0.html?threa ...

    In fairness, this was the fourth link down, so you might have to work at it a LITTLE bit.

  • inactive, on 04/24/2009, -1/+6Article fail. Windows is not the most secure machine on earth but cut it some slack in this scenario. If I had a hold of a mac or linux box I could crazy on it too.
  • eaburk, on 04/24/2009, -0/+5you can also take the battery out of the motherboard to reset the bios password
  • ezflip, on 04/24/2009, -0/+5Buried as "Ok, this is lame"
  • MikeSD34, on 04/24/2009, -1/+5With hardware access you can either drop the drive out, or boot up off an external device, and with access to the file system install software like a key logger or other software which can essentially grant you total access to the system.

    Hardware access is the ultimate win because there's an almost infinite amount of things you can do with it to get information off of or on to a computer. This is just one method of exploiting it.

    There are things you can do to protect some of your information, like storing them on an encrypted drive but if your hardware isn't secure, than typically your system isn't secure either.

    And for the record, you can in fact reset (and even recover) passwords from XP with a special boot disc. To say that this type of vulnerability (with hardware access) doesn't exist in earlier systems is patently false.
  • inactive, on 04/24/2009, -0/+4Exactly. You can just install another OS and read the drive using it.
  • Laminarcissus, on 04/24/2009, -2/+6Take out the drive and read the data on another machine.
  • venomoushealer, on 04/24/2009, -0/+4Its almost like we should be...responsible for how we use our computers?

    No, certainly that's not the answer. There MUST be another way.
  • djauto23, on 04/24/2009, -0/+4Can't one passwordprotect the bios, and turn off booting from anything but the HD?
  • computershack, on 04/24/2009, -0/+3How many real servers do you know that you can just walk in as a random person on the street and get physical access to?
  • brickbat, on 04/24/2009, -0/+3I think you could do the same thing in Ubuntu with physical access to the machine.
  • digitalpencil, on 04/24/2009, -0/+3^ As an honest curiosity, how would you go about resetting passwords to their original state?
  • ukblacknight, on 04/24/2009, -0/+3I'd like to think of it at someone tampering with the engine whilst the driver is starting the car up.
  • Zyphron, on 04/24/2009, -0/+3@digitalpencil "Previous iterations of Windows, OS X and *nix do not have this vulnerability. "

    Yes they do. There are a ton of freely available boot CDs out there to do just that. I have used them several times when we forgot/did not know local passwords to boxes. As lithera said, this is non-news.
  • Stalks, on 04/24/2009, -1/+4No need to touch the inside of the comptuer or insert any media. Boot into single user mode and change the root password.
  • sparkymat, on 04/24/2009, -0/+3Doesn't Ubuntu let you encrypt your home directory?
  • Fetching more discussions...
    Show 51 - 100 of 158 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.