Boo Boo Foo: Sun Tzu once said not to attack your enemy, but to attack your enemy’s tactics. This brat is using standard cracker tactics to take the machine, so move the battle into a realm where infowar is meaningless.
Password-protecting the BIOS will only work as long as someone doesn’t have access to the board, of course. Odds are if the son has time alone with the computer he can figure out how to use a screwdriver and reset the jumpers.
iamthewalrus(:3=: Only after he picks the cunning locks.
Indeed gentlemen… the Dad was so determined to stop this nonsense, today he actually put the PC in the trunk of his car and took it to work with him! Heh Heh Heh!
Also, it’s worth noting that, yesterday, when the son cracked the system, the Dad actually locked the chassis and took the keys to avoid walrus’s very valid point - namely, to prevent the son from tinkering with the jumper switches on the motherboard to prevent the default password system from kicking in. Still, the son beat it - so are we safe in assuming it was either a “DOS” bootdisk, or a “Windows 2000” CD ROM which allowed the backdoor weak point?
I’ve heard that if you boot an XP system with a DOS boot disk and then delete C:\WINDOWS\SYSTEM32\CONFIG\sam and then allow XP to reboot from the hard-drive, that XP rebuilds the sam file from scratch with default user accounts and no password protection? If so, that’s a pretty major security flaw too I daresay.
Boo Boo, you’ll find quite a few security flaws in anything Microsoft designs. Look at how easy it’s proven to create really nasty VB email attachments (CodeRed, anyone?). If the dad is really serious in securing his data, he would do well to switch to Linux, which is built on the UNIX model that has been a secure multi-user platform since 1970, and run essential Windows programs he can’t find Linux replacements for under WINE or an emulation system.
Linux might be able to resist the BIOS attack, on second thought: Unless the kid has a Linux boot disk (and they are easy to get if he knows that’s what he needs), he might not be able to read the file system (Linux uses ext2 instead of XP’s NTFS). I don’t think any MS-DOS floppy can read ext2 partitions without special software that would be tough to find (I’m guessing here), and, just maybe, Win2000 can’t, either. If you can’t read the filesystem, you can’t alter the contents of the drive. If you can’t alter the contents of the drive, you’re SOL as far as intelligent cracking goes.
He could just type format c:
I use explore2fs under W98/W2K, a user-level app to read ext2.
Also, a Linux boot disk is not required to boot into Linux. Simply pass the parameter “single” to LILO and voila! runlevel 2.
Gyan, it’s needed if you don’t have Linux installed on the system already. I’m assuming this is a WinXP single-boot.
Eh, no, that was really really stupid.
Damn.
OK, I’m assuming the kid doesn’t know that much about Linux.
(Security through obscurity sucks, but unless we can secure the BIOS, that’s all we’ve got.)
Just the other day, I was telling a friend how the kids and I were always fighting over which program to watch. I wanted I Love Lucy, they wanted I Dream of Jeannie.
Know what my friend said?
“This isn’t the fucking sixties anymore. Buy a second TV!”
Sorry, but some of the “another MS security flaw” stuff is just not correct.
Passwords etc. are part of Logical security, this controls access via the system itself (network, GUI, whatever). However, all computers require physical security as well. There is no commercial system that can’t be easily breached if you have access to the actual box etc… It’s usually left that way in case all the passwords get lost.
In fact, for NT/XP etc. you can easily get software that you boot on another machine, that will mount the target computer’s disks across a serial interface but with your machine as the administrator!
I know that you can do the same (or similar) for all other OS’s.
-
Anybody who can get physical access to your machine can eventually do whatever they want with it. In particular, BIOS settings will not work against a determined attacker, since the BIOS can be reset by someone with physical access to the machine. If Dad wants Son not to mess with his machine, he needs to say “You did what I asked you not to do”, and not allow him physical access to the machine ever again.
-
Renaming the root/Administrator account isn’t any sort of sufficient protection against password cracking. Only a fully nontrivial password on the top-level account is sufficient protection against password cracking. Whatever the maximum password length is for WinXP passwords, it needs to be that long, with the obvious tips about mixed case, numbers, nonalphanumeric characters, etc. applied intelligently.
-
Since the son is determined to be an ass, I’d advise making a backup of the entire disk image at some point (with a known-good, non-compromised permission setup). If he changes anything, just reinstall the disk image over it. Backing up personal documents is something you should be doing anyway, so you can restore those separately.
-
If the son wants a computer that he can do whatever he wants with, he needs to get his own damn computer.
This was a topic of this week’s Langa List:
I got tired of reading through this so I don’t know if this was mentioned or not. There’s a boot disk, easily obtained on the 'net, that will allow the user to boot a Linux kernel and change any password on the system without needing to know the original. As long as you can boot to floppy it will work (and has saved MANY of my idiot users from needing an OS reinstall)
Here is a program for creating a (linux) bootdisk that can change any password on any XP or 2000 machine. Makes the whole process take just a couple of minutes. So you might want to consider disabling booting from the floppy as well. Perhaps this is what Meros was referring to as well.
BBF, if you want more info just use that spiffy XP: Start:H
Hit start, then H
In the Support system box that comes up input: Administrator
You’ll be able to practice around with it with tutorial topics & such.
You can always switch to boot from the HDD first in BIOS. That will fix a few things.
Not to disparage this whole male bonding thing, but why doesn’t the son just save up ~$400 or so and buy his own damn computer?
A boot disk can be defeated by setting a boot-time BIOS password. You have to enter the BIOS password to get to the point that a boot floppy/CD can be read.
Yes, you can defeat this by resetting the BIOS but, if you’re lucky, you can lock the case. My new case actually has a ring for a padlock. Add this to a cable-lock system to prevent the PC from being removed and it should be pretty secure.
-B
This seems like the exploitable hole to me.
Yeah. I fully agree with everyone who says the BIOS should be secured if possible, and I also agree that the kid needs some discipline in his life.
I don’t agree that buying a second PC would necessarily solve this. If the kid is determined to break a system and his dad’s is right there, he’s not going to pass up an easy mark even if he has his own to play with.
That, my friends, is the fundamental difference between hacking and cracking. Hackers are more interested in making the machine do neat things than in being total asses, whereas crackers can think of nothing better to do with a computer than making someone else’s life harder. There are grey areas, such as breaking security to fix the system, but this isn’t in any such zone: The kid’s an ass and will probably be an ass, regardless.