Choosing Passwords

Here are a list of articles about password security that resulted from some recent research I was conducting.

Power User 111 – Windows Security Threat

Hack into a Windows PC – no password needed

A security consultant based in New Zealand has released a tool that can unlock Windows computers in seconds without the need for a password.

To use the tool, hackers must connect a Linux-based computer to a Firewire port on the target machine. The machine is then tricked into allowing the attacking computer to have read and write access to its memory.

With full access to the memory, the tool can then modify Windows’ password protection code, which is stored there, and render it ineffective.

“If you have a Firewire port, disable it when you aren’t using it,” Ducklin said.

“That way, if someone does plug into your port unexpectedly, your side of the Firewire link is dead, so they can’t interact with your PC, legitimately or otherwise.”

The moral of this story is: don’t let unauthorised people have physical access to your computer and shut off the Firewire port unless you are actually using it.