Re: Windows Server 2003 - Not secure from my test but OSX from Mac is secure from the start

[Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>]

On 2003-09-18 Jimi Thompson wrote:
> > There are so many tools out there that can reset the Administrator
> > account with console access to Windows that _no_ Windows machine is
> > safe if it is not physically secure.
>
> A prime example of this can be observed by booting a Windows XP
> machine off a Windows 2000 CD.  Windows 2000 "assumes" that the SAM is
> corrupt and allows you to fire up the recovery console to pull off
> just about anything you want including stuff off the encrypted
> partitions.

What else should it do, if it can't read the SAM? Deny access? That
would render the recovery console useless in case of an actually
corrupted SAM.

> Another example of this are the Linux boot floppy utilities that
> actually 1-  reset the Admin password to the one of your choice  2-
> allow you to select one or 3 - allow you to dissect and decrypt the
> SAM. This is why so many of the remote management "disk-less floppy"
> utilities make me nervous.  Now I can use "password recovery"
> utilities over the wire.
>
> Just what I needed - SOMETHING ELSE to worry about......

With someone having physical access to the machine there is absolutely
*no* difference of any significance between Windows, Linux or OS X. You
don't have a point.

Regards
Ansgar Wiechers

---------------------------------------------------------------------------
----------------------------------------------------------------------------