FDD, CD/DVD drives, *do have* access to the root of a hard-drive and the all important password cache. The difference is the manner in which interaction occurs. If via the GUI, winlogon.exe handles all logon sessions. If, as you correctly point out, a boot-disk of some form or another is used via either FDD or via an optical drive, root access (to the password cache) is by default. So, nothing in what i previously said was out of line - admittedly though, a little badly worded.
"...I think you need to go back to the primer yourself. "
No, actually i don't, but you could do with a reading comprehension class (or three). I said, *if* he could provide proof of concept, i'd re-tract - but that's now moot: since you've done it for him. Besides, i acknowledged the fact it was technically possible to do - i just haven't used a CD/DVD-version boot-disk password resetter - that's all you can get out of that point. Oh, and thanks for the link .. but i think i'll just stick to 'ethical' ways of logging into my system.
"Your statement here makes no sense whatsoever. Remove the FDD. Remove every single type of serial and port access to a Windows computer."
No, removing a FDD and closing access to vulnerable physical ports into a system is actually a basic, fundamental guideline for almost any "new millennium" networking environment. My whole point was *MITIGATION* - there's *no absolutism* in what i was pointing out. But, it's clear you prefer to nit-pick everything i say while trying to put words in my mouth.
"If I am physically present at the computer, I can reset your password(s) and gain access to the files. Having a floppy drive (or lack thereof) has nothing to do with it. The only way you'd keep me from getting/resetting the password and accessing the files is to encrypt the HDD itself."
Granted, yes, there is no real way of securing a computer in a situation where a cracker has 'physical access' to the actual box - barring locking it in a safe.
So, thanks for pointing out the obvious (again). But by flaming me, you've just managed to take the subject "way off" into left field. So whoopee-dee, *@#$ing doo! So you know how to hack a Windows system to change a user's password? So do i .. and so what?!? But completely missing the point (again), you read into what i said as being: complete, absolute and as standing completely on its own and take me completely out of any context. On all counts that just makes you "a little" fastidious - not to mention wrong.
So let's just step back and look at what *you're proposing*. We'll take a hypothetical situation: you're admin for a company with say, 500 employees and manage upward of 1000 networked PC's, printers, faxes, photocopiers, etc, etc. Would you try to *mitigate* the risks we've been discussing by removing FDD's and, for argument's sake, disabling local USB interfaces on all company workstations? OR would you you take your route && say "You know FIGJAM! I'm sooo good, i'm gonna leave FDD's, enable USB access to all staff and show them how i can hack their collective accounts to pieces using my knowledge of system account hacks. They'll all gush at how amazing they think I AM!!"
Seriously though, nothing you've mentioned is anything i didn't already know - barring having first-hand experience of a CD/DVD, system p/wd reset disk: though (once again) i did acknowledge it was certainly, technically possible - and in fact made available by one vendor or another - and in one form or another, as you pointed out.
My point (in general): remove FDD's (as just one example) - or for that matter, any other vulnerable points of entry into a network. Mitigating risks, to as high a degree as practicably possible, within a network - without adversely affecting functionality and operability of system services is a key point of systems administration philosophy. A primer on 'IS as a support role' might go a long way to getting that through your cranium.
Your point (in general): is to NOT mitigate points of least resistance in a network environment, but instead just parade around demonstrating how good you (think you) are and publicly try to score some petty points over your kiddie-hacking skills.
You obviously and completely read my entire post and made sweeping assumptions and presumptions about what i meant. All told, trying to insult my intelligence by rabbiting the obvious (over & over) doesn't gain you any credibility either.
You know, i'm not going to entertain your slant on what i posted for another second. Save the primers for yourself ... and don't lecture someone who actually works closely with corporate clientele .. on 'real mitigations' - on a regular basis - in a wide variety of business contexts.
Sinceremente
Intel might have the Core i7 and Core i5 range out, which in terms of performance leaves AMD in their dust, but this latest piece of silicon from AMD is just as influential.
