Eldar Marcussen: July 2009 Archives

So with little fanfare I present to you the first proper release of graudit. If you did not already know, graudit is a rough code auditing tool for dynamic languages.
In all honesty it is just a bash script that uses grep with several regular expressions to highlight potential problem areas in source code. The results are comparable to those of other rough auditing tools such as RATS or flawfinder.

You can obtain the latest version from the graudit download page.
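
The approach described above (grep driven by a list of regular expressions), as an added example that is not graudit's own code. The signature patterns, the file names and the PHP sample are constructed for illustration.

```shell
#!/bin/sh
# Added illustration of grep-driven rough auditing; not graudit's own code.
# The signature list and the PHP sample are constructed for this example.

# write_signatures FILE: one POSIX extended regex per line.
write_signatures() {
    cat > "$1" <<'EOF'
(eval|system|exec|passthru|shell_exec)[[:space:]]*\(
(include|require)(_once)?[[:space:]]*\(?[[:space:]]*\$
\$_(GET|POST|REQUEST|COOKIE)\[
mysql_query[[:space:]]*\(.*\$
EOF
}

# make_sample DIR: write a small PHP file mixing risky and harmless lines.
make_sample() {
    cat > "$1/page.php" <<'EOF'
<?php
$id = $_GET['id'];
$res = mysql_query("SELECT * FROM users WHERE id = " . $id);
include($page . ".php");
echo htmlspecialchars($title);
system("ls " . $dir);
// evaluation of results happens elsewhere
?>
EOF
}

# rough_audit SIGFILE PATH: print file:line:text for each line that matches
# any signature. A hit is a lead for manual review, not a confirmed flaw.
rough_audit() {
    grep -rnE -f "$1" "$2"
}

# Demo: flags lines 2, 3, 4 and 6 of page.php.
workdir=$(mktemp -d)
mkdir "$workdir/src"
write_signatures "$workdir/php.sigs"
make_sample "$workdir/src"
rough_audit "$workdir/php.sigs" "$workdir/src"
rm -rf "$workdir"
```

The comment on line 7 of the sample contains "evaluation" but is not flagged, because the first signature requires an opening parenthesis after the function name.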

Hacking xp...wait...what?

Infosecurity magazine posted an article that supposedly shows how you can execute some commands to start Windows XP up without a password. The article presents this as a "juicy" hack:
"the short tutorial shows how, with the judicious use of the XP run command and tripping an executable, it is possible to start up Windows XP without requiring a password"

They also make a feeble attempt at classifying the feat:
"Infosecurity isn't really sure either, but the breathtakingly simple security bypass appears to have been coded as a backdoor to Windows XP for administrators who have lost their password."

What FUD!
Let's clarify a few things:
    1. You need a valid login to do this
    2. Your user will need privileges to do this
    3. It will prompt you for the username and password to automatically log you on with the next time it starts up. 
    4. It defaults to the current user so in this case they are running the control as the user Administrator.
Two minutes of research would have let the author of the article present it in the proper light: tweaking a setting to automate the login screen so you don't have to see it. It is not a security bypass. I expect better from security-specific magazines.
This weblog is licensed under a Creative Commons License.