Improving security in Windows XP

2

Apparently a password protected copy of Windows XP can be easily hacked using methods like this one:

http://www.raymond.cc/blog/archives/2006/09/02/how-to-hack-into-a-windows-xp-computer-without-changing-password/

Can anyone inform me how to protect my data from this type of attack?

Thanks!

Edit: Limiting physical access to a laptop is not a feasible security solution! Theft may still occur.

Django Reinhardt

Posted 2011-03-07T18:25:11.533

Reputation: 4 183

"Limit physical access" is the only correct answer to "how do I prevent this type of attack", regardless of feasibility. If you want to know how to protect your data in the event that you suffer this kind of attack, you should ask that. (Of course, all the answers are correct in suggesting full disk encryption.) – Shinrai – 2011-03-07T18:55:30.177

Edited the question to satisfy the pedant. – Django Reinhardt – 2011-03-07T19:08:35.823

@Shinrai, So if someone said: "My friend's computer was hacked by someone on the internet. They port-scanned his machine and found a vulnerability. How can he prevent this type of attack?" Your answer would be: "The only correct answer is for your friend not to connect his machine to the internet." – Django Reinhardt – 2011-03-07T19:13:33.490

Keep in mind that how to protect your data (as the question currently reads) is a very different question from how to prevent the specific attack (as the question originally read). – Gabe – 2011-03-07T19:50:54.713

@Johnny W - No, that's not the correct answer in that situation (the correct answer to "you have an application that has a specific vulnerability over an open port" is "close the port/change the application/filter it at the firewall level/etc"), but I see what you mean. See my comment below. – Shinrai – 2011-03-07T19:59:41.883

@Shinrai, Actually it's precisely the same situation. I'm asking about a SPECIFIC type of attack. The only difference is that one is remote and one is local. The original question read: "Can anyone inform me how to prevent this type of attack?" You and Gabe can go ahead and upvote each other's answers, but it doesn't make them any more useful or right. – Django Reinhardt – 2011-03-08T03:52:54.947

Answers

9

A good way to protect against this is to encrypt the contents of your hard drive using an application like TrueCrypt and set up a password. This would mean that even though this program is bypassing Windows, TrueCrypt will encrypt the drive, and they must know that password to work around that.

While this will mitigate the attacks, it isn't fool proof as there are some known attacks against TrueCrypt as well.

vcsjones

Posted 2011-03-07T18:25:11.533

Reputation: 2 433

5

Like the others already pointed out, once somebody has physical access to the machine, there's not much left you can do. If the attacker intends to screw you, he can still damage your data. But if it's your secrets you worry about, encryption is the way to go.

This attack (it's not a hack, BTW) aims at the user password and the built-in file encryption of Windows. The only way to protect yourself from this kind of attack is to fully encrypt the operating system installation. You can do this using TrueCrypt.

datenwolf

Posted 2011-03-07T18:25:11.533

Reputation: 276

3

This "hack" requires physical access to the machine. To prevent this sort of attack, do not allow people to have physical access to your computer.

Gabe

Posted 2011-03-07T18:25:11.533

Reputation: 176

Yep, and short of encrypting the entire filesystem, it is impossible to prevent an attack if someone has physical access to the computer. – Byron Whitlock – 2011-03-07T18:29:49.700

Limiting physical access to a laptop (or any computer) is not a feasible security solution. In the same way as someone asking how to prevent themselves being attacked externally would not find the advice, "unplug your computer from the internet", in any way useful. – Django Reinhardt – 2011-03-07T18:35:37.593

3

Physically secure the machine. Physical access pretty much means owned. Bitlocker, in Vista+, significantly mitigates these risks though.

On XP Pro you can also use EFS, but in non-domain environments that's basically a recipe for locking yourself out of your own files more than anything else.

Mark Sowul

Posted 2011-03-07T18:25:11.533

Reputation: 2 877

This is specifically an XP hack, though, so probably using any different OS will prevent this attack. – Gabe – 2011-03-07T18:31:45.873

If you have a way of guaranteeing that none of your property will ever be stolen, please let me know. I'll cancel my insurance. – Django Reinhardt – 2011-03-07T18:48:08.920

Obviously you can't stop your property from being stolen, ergo you can't stop your data from being stolen. Even without this "hack" any unencrypted data can be easily accessed just by putting the hard drive into another machine. Using another OS cannot prevent this from happening. Therefore you must encrypt the drive. – Mark Sowul – 2011-03-07T19:14:27.710

Your answer still suggests "physically securing the machine", which by your own admission is like suggesting, "prevent your data from theft". If I could secure something from theft, I wouldn't need help! Apart from that, thanks for the rest of your answer, it's very helpful. – Django Reinhardt – 2011-03-08T03:56:55.800

I can't help that you find reality unpalatable. I'll spell it out again: if someone has physical access to unencrypted data then they have access to your data. You can negate that by changing either antecedent: physically secure the data or encrypt it, which is what I meant by Bitlocker. I personally am not a fan of TrueCrypt because it's vulnerable to pre-boot attacks since it doesn't use the TPM chip, but that's just me. – Mark Sowul – 2011-03-08T14:16:42.043
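The BitLocker recommendation in this answer, carried through as an added example (not code from any of the answers above): a PowerShell script that audits the OS volume and, if needed, turns BitLocker on with a TPM+PIN protector and a recovery password. It assumes Windows 10 or later (for the BitLocker and TrustedPlatformModule cmdlets and the XtsAes256 method), an elevated prompt, a TPM, and that local Group Policy does not forbid a startup PIN; the prompt wording and the PIN length hint are mine. The point the comment thread circles around is why the PIN matters: a TPM-only protector releases the key to whoever powers the laptop on, so a thief still reaches the running system, whereas TPM+PIN keeps the disk sealed until someone types the secret.

```powershell
# Added example, not from the original answers: check and enable BitLocker with
# TPM+PIN on the system volume. Assumes Windows 10+, an elevated shell and a TPM.
#Requires -RunAsAdministrator
#Requires -Modules BitLocker, TrustedPlatformModule

$osDrive = $env:SystemDrive   # normally "C:"

# 1. Is there a usable TPM? Without one BitLocker needs a USB startup key instead.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    Write-Warning 'No ready TPM found; the key would have to live on a USB startup key.'
}

# 2. Current state of the OS volume.
$vol = Get-BitLockerVolume -MountPoint $osDrive
'{0}: protection {1}, {2}% encrypted, method {3}' -f $osDrive,
    $vol.ProtectionStatus, $vol.EncryptionPercentage, $vol.EncryptionMethod

# A plain "Tpm" protector unlocks the disk automatically at boot, so a thief who
# powers the machine on still gets to the logon screen and everything reachable
# from there. "TpmPin" keeps the volume sealed until the PIN is entered.
$types       = $vol.KeyProtector | ForEach-Object { $_.KeyProtectorType }
$hasPin      = $types -contains 'TpmPin'
$hasRecovery = $types -contains 'RecoveryPassword'

if ($vol.ProtectionStatus -eq 'Off') {
    # Assumed prompt text; PIN minimum length is governed by policy (6 by default).
    $pin = Read-Host -AsSecureString -Prompt 'Choose a pre-boot PIN (at least 6 digits)'
    Enable-BitLocker -MountPoint $osDrive -EncryptionMethod XtsAes256 `
        -TpmAndPinProtector -Pin $pin -SkipHardwareTest
}
elseif (-not $hasPin) {
    Write-Warning "Protectors are [$($types -join ', ')]; adding TPM+PIN."
    $pin = Read-Host -AsSecureString -Prompt 'Choose a pre-boot PIN (at least 6 digits)'
    Add-BitLockerKeyProtector -MountPoint $osDrive -TpmAndPinProtector -Pin $pin
    # Drop the TPM-only protector, otherwise the PIN is never actually required.
    $vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm' | ForEach-Object {
        Remove-BitLockerKeyProtector -MountPoint $osDrive -KeyProtectorId $_.KeyProtectorId
    }
}

# 3. Keep a recovery password somewhere other than the laptop itself (print it,
#    escrow it in AD/Entra, or put it in a password manager) before you need it.
if (-not $hasRecovery) {
    Add-BitLockerKeyProtector -MountPoint $osDrive -RecoveryPasswordProtector | Out-Null
}
(Get-BitLockerVolume -MountPoint $osDrive).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object KeyProtectorId, RecoveryPassword
```

Run it from an elevated PowerShell and keep the recovery password it prints off the machine; losing both the PIN and the recovery password is the BitLocker version of the EFS lockout the answer warns about. On a domain-joined machine, policy may already dictate the protector type and escrow the recovery key for you, in which case the enable/add steps are no-ops or fail loudly rather than silently weakening anything.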

3

If someone can do this attack, then he already has all your data. He can't log in, but he has access to the system.

The only prevention is limiting physical access to the machine (as others specified) or encrypting the system.

Let_Me_Be

Posted 2011-03-07T18:25:11.533

Reputation: 1 364

+1 because this is the correct answer. While the OPs objections that he can't prevent the machine from being stolen are totally valid, the fact remains that in the event the machine is stolen HE ALREADY HAS ALL YOUR DATA. You need to keep him from being able to actually USE it, which means encrypting it. And the question is worded as "How do I prevent this kind of attack", the answer to which is "Don't let somebody steal your machine". Nobody said it was PRACTICAL. – Shinrai – 2011-03-07T18:53:40.770

Why would anyone find impractical advice useful? Offering impractical advice is akin to trolling. Here's some more impractical advice: Write your own OS, with your own security, so people will be unprepared if they attempt to hack it. Or how about: Don't use a computer, teach yourself to improve your memory, and never make notes. Or: Develop your own secret language, so that even if they get your data, they won't understand it. Of course there's always: Move to the moon. The whole point of these help-forums is to find PRACTICAL advice. – Django Reinhardt – 2011-03-07T19:06:00.367

@Johnny W - You asked a specific question. It was answered. The whole point of these help-forums is to find correct answers to questions. I see a lot of questions where people mean one thing but ask another and then are surprised when they don't get the answers they're looking for...just trying to help out. – Shinrai – 2011-03-07T19:57:26.923

@Johnny You seem to misunderstand the concept of preventing physical access. That doesn't mean that no one except you can touch the machine. It means that you are the only one that can gain physical access to the device on the hardware level. If you prevent booting from other devices than your hard drive and prevent the removal of your hard drive from the machine (without damaging/erasing the drive for example), then you are just fine. Physical access prevention is actually much more important for devices like laptops than for normal machines BECAUSE they can be stolen. – Let_Me_Be – 2011-03-08T10:00:15.697

@Let_Me_Be, I'm sorry, but I think it's you who misunderstands what we're talking about here. Even if that's what YOU meant, you specifically make reference to other contributor's answers. This includes things such as: "To prevent this sort of attack, do not allow people to have physical access to your computer." Your answer makes zero sense on a different level, because even if you actually did mean to suggest securing the device "at a hardware" level, your one example would not mitigate this attack in any way(!). – Django Reinhardt – 2011-03-08T13:47:47.887

Also, here's a great definition of what "physical access" means on an IT security level: http://en.wikipedia.org/wiki/Physical_access You'll notice that we're specifically talking about preventing people having physical access to the machine. Quote: "IT security standards in the United States typically call for physical access to be limited by locked server rooms, sign-in sheets, etc."

– Django Reinhardt – 2011-03-08T14:02:33.517

@Johnny And that's exactly the point. Since normal machines don't generally employ any type of protection, anyone with physical access to the device can do anything (just by rebooting with a CD / USB key). What you don't seem to understand is that limiting physical access to the device (either using hardware [locked room, special cases, ...] or software solutions [encryption]) is the key. Once someone has physical access, you are done. He has your data, and the fact that he can't log in is irrelevant. – Let_Me_Be – 2011-03-08T14:30:52.650

No, this is what you don't seem to understand: Encrypting a harddrive does not fall under "limiting physical access" in a security context. – Django Reinhardt – 2011-03-09T14:10:28.903

Here's a proper answer to this question: http://security.stackexchange.com/questions/2463/stopping-someone-with-physical-access-from-hacking-a-windows-xp-account-password/2466#2466 (Note that an editor changed the title of the question after all the answers had already been submitted.)

– Django Reinhardt – 2011-03-09T14:17:16.103