I remember that my last release quoted 2 exploits (hacks) to get into an XP machine without
an administrator password. One technique was to replace the default “login.scr” with a
command prompt that gives you full fledged admin rights. One of the readers (probably a
system admin) wrote to me (from Orkut) on ways to patch it. The solution is known and it
does not require any sixth sense or any ‘hacking’ sense. As a responsible hacker (I’m not a
cracker, though I do some reverse engineering with hex editors/de-compilers/ dis-assemblers)
, I feel that it’s my responsibility to mention the remedy too. This potential security risk can
be negated with a very simple registry tweak. Open registry and navigate to
HKEY_USERS\.DEFAULT\ControlPanel\Desktop and look for the data key
"ScreenSaveActive". Setting its value to 0 would disable screen saver. You can even clear out
the value for 'SCRNSAVE.EXE' to completely remove the screen saver and replace it with
some thing of your own. Isn’t a safe thing to do?
No comments:
Post a Comment