Brian's Buzz on Windows has changed its name to the Windows
Secrets Newsletter. Get the latest high-tech tricks with a free
subscription.
FEB. 13, 2003 - Issue 1
Thanks for signing up to receive the information in Brian's Buzz on
Windows. This monthly newsletter is one of the two new projects I
mentioned recently in InfoWorld. The other is WinFind, which is
described below in my Windows Gizmos section.
TOP STORY - info you need to make Windows work
XP passwords rendered useless
By Brian Livingston
Windows XP, which has been marketed by Microsoft as "the most secure
version ever," has been found to have a flaw so bone-headed that it
renders passwords ineffective as a means of keeping people out of your PC.
Reader Tony DeMartino alerted me to the problem, which all administrators
of Windows XP machines should immediately take to heart:
- Anyone with a Windows 2000 CD can boot up a Windows XP
box and start the Windows 2000 Recovery Console, a troubleshooting
program.
- Windows XP then allows the visitor to operate as Administrator without
a password, even if the Administrator account has a strong password.
- The visitor can also operate in any of the other user accounts that
may be present on the XP machine, even if those accounts have passwords.
- Unbelievably, the visitor can copy files from the hard disk to a
floppy disk or other removable media - something even an Administrator is
normally prevented from doing when using the Recovery Console.
This problem is unrelated to a feature of XP that allows an Administrator
to set up automatic logon when the Recovery Console is used. Even without
the Registry entry that enables this, XP is vulnerable. (For info on that
feature, see support.microsoft.com/?scid=kb;en-us;312149.)
Windows 2000, of course, doesn't allow Recovery Console users to access a
hard drive without a password, if one previously existed.
I notified four Microsoft executives of the XP flaw weeks ago, but haven't
yet received an official response. There's no Knowledge Base article about
it, and there may not even be a good solution to the problem.
When I've spoken with Microsoft security pros about similar problems in
the past, they've referred me to a company policy that says, "If a bad guy
has unrestricted physical access to your computer, it's not your computer
anymore." That's all well and good - but the fact remains that Windows 2000
doesn't allow anyone with an old CD to get password-free access, and
Windows XP does.
My recommendation: If you use XP machines in open spaces, put the PCs
behind a locked door or put a lock on the PCs themselves. The bad guys
know about this flaw, and it's just one more thing for the good guys to
protect against.
To send me more information about this, or to send me a tip on any other
subject, e-mail me at Brian@BriansBuzz.com with "tip" in the subject.
FORWARDING INSTRUCTIONS - news gains value when it's shared
Please forward this information to your colleagues.
You are encouraged to forward this free newsletter to your friends and
colleagues. Please don't e-mail anything to anyone who hasn't previously
agreed to receive messages from you.
Because many e-mail programs don't faithfully forward messages in the
correct format to others, simply call people's attention to the
permanent Web address of this issue of the newsletter:
BriansBuzz.com/w/030213
WINDOWS GIZMOS - the best new stuff
WinFind, the Windows Tips Search Engine, is now online
Last June, I announced in InfoWorld that I was developing a new,
specialized search engine focused on trusted, reliable sources of detailed
Windows information. I asked readers for nominations
of places where such information can be found. Thousands of readers
nominated dozens of the best tips sites on the Web.
Now the effort has paid off. I've put the finishing touches on a free
service called WinFind - the Windows Tips Search Engine - and it's open
for you to use to solve your toughest problems.
I could go on and on about it, but it's better to let you try it for
yourself. There's a minimalistic, one-line search box on my home page, of
course. But the Advanced Search is so much more powerful that I recommend
you always start there: BriansBuzz.com/search.
RECOMMENDED READING - no batteries required
The newest Windows manual that wasn't
The latest replacement for the manuals that Microsoft should have put in
the box (but didn't) is Windows XP Pro: The Missing Manual. Its
co-authors, David Pogue and Craig & L.J. Zacker, released the book just
last month, long after XP shipped, but it still has a lot to offer harried
XP users. It's not the largest book at 658 pages, but it'll give you plenty
of tips to use as you struggle with the Redmond software giant's latest
operating system.
THE WEIRD WIDE WEB - playing for you the Internet's greatest bits
You thought privacy was bad - now the Web can read your mind
A simple layout masks a devilishly psychic power at The Flash Mind Reader
page. You're presented with a list of every two-digit number, from 00 to
99, and a set of corresponding symbols that represent each number. You
choose a two-digit number, add the digits together, then subtract the
result from your original number and concentrate - concentrate! - on the
appropriate symbol.
When you click the magic crystal ball, the page reads your mind and
displays the symbol you were thinking of. Awesome! You have to try this
for yourself - but not in a dark room...
The Flash Mind Reader
CLOSING REMARKS - the best is yet to come
That's it for this month. I have a lot of improvements I'm working on,
such as enabling you to specify the default font size you'd like your
personal copy of Brian's Buzz to use, and more. Stay tuned.
--Brian Livingston