Windows 7 Huge Windows 7 security issue!

Discussion in 'Windows Security' started by addekung666, Jun 7, 2010.

  1. addekung666

    addekung666 New Member

    Joined:
    Jun 7, 2010
    Messages:
    4
    Likes Received:
    0
    Ive searched the internet for this but it doesnt seem that anyone has written anything about it.

    At windows 7 boot while the "wait" message is displayed, just before the "enter password" appears you can press CTRL-ALT-DELETE.
    This brings up the "Lock computer" choice.
    If you select "cancel" you will get to the desktop directly WITHOUT ever entering the password....

    This seems like pretty big security problem. How could this be missed???
    Anyone seen this?

    // Addekung
     
  2. Mitchell_A

    Mitchell_A Excellent Member

    Joined:
    Feb 7, 2009
    Messages:
    5,068
    Likes Received:
    240
    Has this been confirmed working?
    That's some pretty serious stuff..
     
  3. john3347

    john3347 Extraordinary Member
    Premium Supporter

    Joined:
    Jan 12, 2009
    Messages:
    1,023
    Likes Received:
    36
    I think this is old info



    There was an issue similar to this that got some limited attention about the time of transition from RC to RTM. I am not sure if this is the same issue or not, but it is similar. I saw it as a HUGE security issue because it appeared to me something that could be exploited by the nighttime cleaning lady, your co-worker who works a different shift from you, and anyone else who has physical access to your computer when you are not present. I attempted to point out in a post or two in this forum what a serious security risk this vulnerability appeared to be. I was pretty much "poo-poo'd" by other forum posters for my suggestion that this could be a serious problem. I am retired and live alone and I am the sole user of my computer and if someone breaks into my house, they will have total access to the computer to steal it and take it with them and "learn my deepest secrets" by other methods so the issue didn't really affect me. I dropped my insistence that this was a vulnerability of a HUGE magnitude that you now recognize and I have heard no more about this issue until now.
     
    #3 john3347, Jun 7, 2010
    Last edited: Jun 7, 2010
  4. addekung666

    addekung666 New Member

    Joined:
    Jun 7, 2010
    Messages:
    4
    Likes Received:
    0
    The computers and the operating systems are from december 2009. They continuously use windows update so this method shouldnt work.
    However, the fact remains, i dont need my password to work with my computers.

    Im going to verify this with my coworkers computers to see if it is a general problem.
    I find it very strange that i dont find any info on this issue somewhere else.

    One important thing to point out though, when the computer is fast, the "waiting" screen sometimes just flashes by and the opportunity to enter CTRL-ALT-DEL never appears.
    On slower computers and computers that load alot of info at startup, it always does.
     
  5. john3347

    john3347 Extraordinary Member
    Premium Supporter

    Joined:
    Jan 12, 2009
    Messages:
    1,023
    Likes Received:
    36
    Please report back


    For reasons described in my last post in this thread, I don't use a login password and cannot test this myself. After you do some experimenting, please report your findings back to the forum.
     
  6. Agent Data

    Agent Data Banned

    Joined:
    Jan 9, 2010
    Messages:
    918
    Likes Received:
    42
    No such issue here - I got 2 user accounts on the login screen so no way to fall back on a (which) desktop. There is no "waiting" here either the screen stay black until logins come up.

    Maybe only affecting single accounts?
     
  7. sgtryan

    sgtryan New Member

    Joined:
    Jun 8, 2010
    Messages:
    12
    Likes Received:
    0
    Yah doesn't work for me either.
     
  8. Veegertx

    Veegertx Honorable Member

    Joined:
    Nov 19, 2009
    Messages:
    444
    Likes Received:
    19
    No issue here with single
     
  9. john3347

    john3347 Extraordinary Member
    Premium Supporter

    Joined:
    Jan 12, 2009
    Messages:
    1,023
    Likes Received:
    36
    Perhaps this whole issue is a joke dreamed up by someone with too much time on their hands and has just been circulating around the internet for the past several several months!?!?!? If no one can duplicate it, it must not be much of an issue.
     
  10. Mitchell_A

    Mitchell_A Excellent Member

    Joined:
    Feb 7, 2009
    Messages:
    5,068
    Likes Received:
    240
    I agree with john3347,

    The only imaginable way I think it could possibly be reproduced is on a very slow system, during which the login screen goes through the several stages very sllloooowwwwlllllyyyyyy

    Might have to dig out an old laptop and check it out ;)
     
  11. Veegertx

    Veegertx Honorable Member

    Joined:
    Nov 19, 2009
    Messages:
    444
    Likes Received:
    19
    That or someone Vlited or similar, removed too much and bang
     
  12. Celestra

    Celestra Former Moderator

    Joined:
    Jan 15, 2008
    Messages:
    2,468
    Likes Received:
    14
    You may have a permissions problem. There is a file that can be used to diagnose what's going on. It is called the (subinacl.exe) I would only suggest using it with a qualified "Windows Professional" because all your security data can be examined.


     
    #12 Celestra, Jun 23, 2010
    Last edited: Jun 23, 2010
  13. john3347

    john3347 Extraordinary Member
    Premium Supporter

    Joined:
    Jan 12, 2009
    Messages:
    1,023
    Likes Received:
    36

    So does this mean that is conceivable that a co-worker - or the nighttime office cleaning crew - could gain unauthorized access to your password protected computer? If conceivable, is it reasonable for someone who is issued a "work" computer and must leave it unattended for some number of hours each day to be quite concerned for their sensitive information?
     
  14. john3347

    john3347 Extraordinary Member
    Premium Supporter

    Joined:
    Jan 12, 2009
    Messages:
    1,023
    Likes Received:
    36
    I realize this is an old - and cold - thread, but I am just now finding new documentation concerning the subject flaw. Anyone who is interested may follow the link and make what they wish of the information.

    (I sincerely hope I am not offending anyone by posting this information.)

    John


    Win7: Security Hole 'Unfixable', Experts Say / Infopackets.com
     

Share This Page

Loading...