July 2009 Archives

Infosecurity magazine posted an article that supposedly shows how you can execute some commands to start windows xp up without a password. The article presents this as a "juicy" hack;
the short tutorial shows how, with the judicious use of the XP run command and tripping an executable, it is possible to start up Windows XP without requiring a password

They also make a feeble attempt at classifying the feat;
Infosecurityisn't really sure either, but the breathtakingly simple security bypass appears to have been coded as a backdoor to Windows XP for administrators who have lost their password.

What FUD! Lets clarify a few things;

1. You need a valid login to do this
   
2. Your user will need privileges to do this
   
3. It will prompt you for the username and password to automatically log you on with the next time it starts up. 
4. It defaults to the current user so in this case they are running the control as the user Administrator.

Two minutes of research would have let the author of the article present it in the proper light. Tweaking a setting to automate the login screen so you don't have to see it. It is not a security bypass. I expect better from security specific magazines.