Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Slashdot Deals: Deal of the Day - Pay What You Want for the Learn to Code Bundle, includes AngularJS, Python, HTML5, Ruby, and more. ×

Aging Security Vulnerability Still Allows PC Takeover 282

Jackson writes "Adam Boileau, a security consultant based in New Zealand has released a tool that can unlock Windows computers in seconds without the need for a password. By connecting a Linux machine to a Firewire port on the target machine, the tool can then modify Windows' password protection code and render it ineffective. Boileau said he did not release the tool publicly in 2006 because 'Microsoft was a little cagey about exactly whether Firewire memory access was a real security issue or not and we didn't want to cause any real trouble'. But now that a couple of years have passed and the issue has not resolved, Boileau decided to release the tool on his website."
Data Storage

Windows Home Server Corrupts Files 459

crustymonkey points out a ComputerWorld article which says that "Microsoft Corp. has warned Windows Home Server users not to edit files stored on their backup systems with several of its programs, including Vista Photo Gallery and Office's OneNote and Outlook, as well as files generated by popular finance software such as Quicken and QuickBooks." Crustymonkey asks Don't back up your files to Windows Home Server, as recommended by Microsoft themselves? I'm not exactly sure what the point is in having a home server if you can't back up files on it."

AACS Revision Cracked A Week Before Release 346

stevedcc writes "Ars Technica is running a story about next week's release of AACS, which is intended to fix the currently compromised version. The only problem is, the patched version has already been cracked. From the article: 'AACS LA's attempts to stifle dissemination of AACS keys and prevent hackers from compromising new keys are obviously meeting with extremely limited success. The hacker collective continues to adapt to AACS revisions and is demonstrating a capacity to assimilate new volume keys at a rate which truly reveals the futility of resistance. If keys can be compromised before HD DVDs bearing those keys are even released into the wild, one has to question the viability of the entire key revocation model.'"

The BBC's Honeypot PC 344

Alex Pontin writes, "This article from the BBC shows how vulnerable XP Home really is. Using a highly protected XP Pro machine running VMWare, the BBC hosted an unprotected XP Home system to simulate what an 'average' home PC faces when connected to the internet." From the article: "Seven hours of attacks: 36 warnings that pop-up via Windows Messenger. 11 separate visits by Blaster worm. 3 separate attacks by Slammer worm. 1 attack aimed at Microsoft IIS Server. 2-3 "port scans" seeking weak spots in Windows software." The machine was attacked within seconds of being connected to the Internet, and at no time did more than 15 minutes elapse between attacks.

The trouble with a lot of self-made men is that they worship their creator.