Re: zoinks!@ I knew I didn't like Vaios

On 08 Nov 2005 in alt.2600, Mimic <dev@xxxxxxxx> made their contribution
to mankind by stating in
news:u62dnVH7GP0rae3enZ2dnUVZ8tydnZ2d@xxxxxxxxx:

> ThePsyko wrote:
>> C&P from Bugtraq
>>
>>
>> Sony Vaio laptops require you to create a user account the first time
>> you start your laptop. If the user you select is not "Administrator",
>> Sony still goes ahead and creates a user "Administrator" with a blank
>> password.
>>
>> This user does not show up in control panel under User Accounts but
>> if you do start up in safemode the laptop allows you to login as
>> Administrator.
>>
>> This gives an attacker an opportunity to gain administrative access
>> to a computer and access to create add delete or modify user
>> accounts.
>>
>> This is basically a backdoor account that is hidden from the user and
>> compromises the security of all Sony Vaio laptops.
>>
>> --
>> Securityforge: For all your security needs
>> (http://www.securityforge.com) Dbtech: Get the best programmers for
>> your buisness (http://www.dbtech.org)
>>
>
> ... when you get to the GUI login and "dont" see the administrator
> account, tap ctrl-alt-del twice, which will give you the classic 2k
> style login, and you can punch into the admin from there, although Ive
> found sometimes itll only allow you to in safe mode, sometimes any
> mode, guess its down to SP and patches or summink :P
>

yeah I know... I read that post and didn't think about it being XP.

Never mind :)

/me wanders off muttering something about too many things going on at
once

--
ThePsyko
Public Enemy #7
http://prozac.iscool.net
.

Relevant Pages

  • Risks Digest 25.73
    ... German electronic health card system failure ... Risks of the Cloud: Liquid Motors ... Oakland 2010, IEEE Symposium on Security and Privacy, CFP ... A friend's facebook account was hacked recently (a neat little short-term ...
    (comp.risks)
  • Re: MBSA, Office Update, Versions, Failures
    ... I apologize for posting this to three groups (MBSA, Windows Update, ... with Domain User account. ... Microsoft Baseline Security Advisor (? ... Office 2000 Security Patches - Red X's, ...
    (microsoft.public.officeupdate)
  • Re: write with cURL
    ... you can stop making excuses. ... up an account for you, process the billing, etc. ... possible features from a web site to make up for the security issues. ... Nothing you have told me shows me you know how to lock down a server ...
    (alt.php)
  • Re: Basic Authentication fails with Error 401.2 where Integrated s
    ... On the IIS directory security tab, anonymous access is disabled, digest ... authentication is disabled, integrated authentication is disabled and basic ... account created has full permissions for the folder and the file that's in it. ...
    (microsoft.public.inetserver.iis.security)
  • [NEWS] Vulnerability Enables Passport Account Hijackings (No Secret Question)
    ... Beyond Security in Canada ... to promote the most advanced vulnerability assessment solutions today. ... A newly disclosed vulnerability could enable attackers to reset the ... who needs to reset his account password can be manipulated by attackers on ...
    (Securiteam)