Hack into a Windows PC – no password needed

March 14, 2008 – 7:22 AM

A security consultant based in New Zealand has released a tool that can unlock Windows computers in seconds without the need for a password.

Adam Boileau first demonstrated the hack, which affects Windows XP computers but has not yet been tested with Windows Vista, at a security conference in Sydney in 2006, but Microsoft has yet to develop a fix.

Interviewed in ITRadio’s Risky Business podcast, Boileau said the tool, released to the public today, could “unlock locked Windows machines or login without a password … merely by plugging in your Firewire cable and running a command”.

Boileau, a consultant with Immunity Inc., said he did not release the tool publicly in 2006 because “Microsoft was a little cagey about exactly whether Firewire memory access was a real security issue or not and we didn’t want to cause any real trouble”.

But now that a couple of years have passed and the issue has not resolved, Boileau decided to release the tool on his website.

To use the tool, hackers must connect a Linux-based computer to a Firewire port on the target machine. The machine is then tricked into allowing the attacking computer to have read and write access to its memory.

With full access to the memory, the tool can then modify Windows’ password protection code, which is stored there, and render it ineffective.

Older desktop computers do not come equipped with Firewire ports, which are needed for the hack to work, but many recent models do. Most laptops made in the last few years include Firewire ports.

Paul Ducklin, head of technology for security firm Sophos, said the security hole found by Boileau was not a vulnerability or bug in the traditional sense, because the ability to use the Firewire port to access a computer’s memory was actually a feature of Firewire.

“If you have a Firewire port, disable it when you aren’t using it,” Ducklin said.

“That way, if someone does plug into your port unexpectedly, your side of the Firewire link is dead, so they can’t interact with your PC, legitimately or otherwise.”

Ducklin also advised people to be careful when giving others physical access to their computer.

“I know people who’d think three times about asking passing strangers to take their photo in front of the Opera House in case they did a runner with the camera, yet who are much more casual with their laptop PC, as long as it’s software-locked, even though the hardware alone is worth five times as much as the camera,” he said.

Microsoft was unavailable for comment at the time of publication.

Source: theage

Build an $800 Gaming PC

March 14, 2008 – 4:55 AM

Gaming computers cost several thousand dollars, right? That’s common knowledge, you’d think. Of course, those of us in the do-it-yourself community know better. You can build a perfectly capable gaming PC for little money. In fact, for years we’ve been challenging ourselves to build a decent gaming rig for less than $800.

Sacrifices must be made for such an inexpensive gaming rig. With a $1,000 price point, you could do a lot more. But picking a price point that is easy, that requires no tough decisions, isn’t the point. The point is to show that large-scale OEMs, the guys who do the most volume at these prices, could certainly sell you a good gaming PC for this price if they wanted to. For the most part, they don’t, and that’s the power of building your own computer—you can get what you wouldn’t buy elsewhere.

So read on for our component picks and performance measurements on our $800 gaming PC. Feel free to discuss what you would do differently, and point readers to some of the great deals you’ve found.

Read the rest of this story…

Bioshock 2 Confirmed for 2009

March 13, 2008 – 10:39 AM

Publisher Take-Two Interactive today officially confirmed that a sequel to 2K Boston and 2K Australia’s underwater shooter BioShock will arrive during the company’s fiscal fourth quarter in 2009.Take-Two’s fourth fiscal quarter runs from August through the end of October.

BioShock 2 is under development by the Novato, California-based studio 2K Marin. The new development house is rumored to consist of several former 2K Boston and 2K Australia employees.

The publisher also announced that BioShock creator Ken Levine will be involved in the development of the sequel, though his role on the project was not specified. Levine’s home studio of 2K Boston is rumored to be working on a new X-COM title.

“[Ken Levine] is critical to BioShock,” said a Take-Two representative.

No platforms were announced. The game will likely make an appearance on both Xbox 360 and PC, and comments made earlier in the year by 2K Games president Christopher Hartmann indicate the game could also be released on PlayStation 3.

Source…

Windows SteadyState

March 13, 2008 – 5:06 AM

A couple of years ago Microsoft released the Shared Computer Toolkit, a free set of tools to help administrators manage PCs used by multiple users, especially in order to create safe configurations that would undo any changes made by careless or malicious users.

Now they have released the next generation of those tools, Windows SteadyState. SteadyState appears, from the documentation, to support only Windows XP Service Pack 2.

Families, libraries, classrooms, Internet cafes, lots of people have a need to let users share computers. Inevitably, someone will do something unpleasant to the computer, like make the system font tiny, install shell extensions that make it unstable, or set up a password-protected screen saver (and not tell anyone the password). SteadyState helps you to limit the damage that users can do, and to undo the damage they manage to do.

If you’re already set and happy with the Shared Computer Toolkit, why should you change to SteadyState? Here’s what’s new:

Read the rest of this story…

Goolag – GUI Tool for Google Hacking

March 13, 2008 – 5:01 AM

cDc (Cult of the Dead Cow) recently released a GUI driven tool for Google Hacking called Goolag.

Google Dorks have been around for several years and have been researched most assiduously by Johnny I Hack Stuff.

If one searches the Web, one will find multiple collections of dorks, and also some applications – standalone and Web-based – offering certain “scanning” possibilities.

Nevertheless, gS is different from other applications released to date for the following reasons:

  • There is no need for a special tool to use dorks other than a browser, but scanning hundreds of dorks ‘by hand’ is impossible.
  • Goolag Scanner is focused on usability. It simplifies the use of myriad numbers of dorks to a few mouse clicks. No cryptic command line options and no knowledge of Google hacking are required to test one’s host.
  • Goolag Scanner comes with its own dorks-database, but it is not limited to such.
  • gS uses a very simple xml-document, which is readable and part of the distribution.

This software requires Microsoft .NET Framework Version 2.0.

You can download Goolag here:

Goolag (1.0.0.40)

Or read more here.

Source…