Post by drcard on Apr 7, 2021 16:58:28 GMT -5
Extra Security for Windows Laptops and Tablets
Overview
Since XP, Windows has had a known (and published) security flaw. If a hacker has physical access to a PC running Windows, in a matter of minutes the hacker can have full access to all files on that PC. The hacker doesn’t have to be that computer savvy to accomplish this. Since this hack depends upon physical access to the PC, it is more likely to happen to laptops and tablets that can be more easily be lost or stolen. Below is an explanation of this security flaw hack and options a user has to protect themselves.
About Window’s Security Flaw
I will explain enough about the hack for you to understand the physical access requirement and the reasons why the counter measures will work. I will not teach people how to hack Windows.
The hack requires physical access to the PC because the hacker must attach a Windows Recovery Drive on a flash drive to an USB port on the PC and enter BIOS to have the PC boot the Recovery Drive. In this Recovery and Repair mode the hacker will utilize the security flaw to open a Command Window with Administrator’s privileges. In the Command window the hacker will create a Windows account as administrator with their own password, take ownership of all files on the PC, and have access to all files that have your passwords, account numbers, emails, or any other personal data that is of financial value to them.
This hack bypasses the logon password or biometrics and is very easy to do. I hacked a laptop in under 10 minutes my first time.
Options to Protect Against this Security Threat
Option #1
Do not keep on the laptop personal information that could be used to steal from you. Keep all that data on a separate flash drive that never leaves your possession.
Option #2
Never lose or have your laptop or tablet stolen. Very hard to do with such portable devices.
Option #3
Encrypt all files that have personal information. Windows encryption key is bound to the password of the user that is logged on when the file was encrypted. Even another user with administrator privileges can’t access such encrypted files.
Overview
Since XP, Windows has had a known (and published) security flaw. If a hacker has physical access to a PC running Windows, in a matter of minutes the hacker can have full access to all files on that PC. The hacker doesn’t have to be that computer savvy to accomplish this. Since this hack depends upon physical access to the PC, it is more likely to happen to laptops and tablets that can be more easily be lost or stolen. Below is an explanation of this security flaw hack and options a user has to protect themselves.
About Window’s Security Flaw
I will explain enough about the hack for you to understand the physical access requirement and the reasons why the counter measures will work. I will not teach people how to hack Windows.
The hack requires physical access to the PC because the hacker must attach a Windows Recovery Drive on a flash drive to an USB port on the PC and enter BIOS to have the PC boot the Recovery Drive. In this Recovery and Repair mode the hacker will utilize the security flaw to open a Command Window with Administrator’s privileges. In the Command window the hacker will create a Windows account as administrator with their own password, take ownership of all files on the PC, and have access to all files that have your passwords, account numbers, emails, or any other personal data that is of financial value to them.
This hack bypasses the logon password or biometrics and is very easy to do. I hacked a laptop in under 10 minutes my first time.
Options to Protect Against this Security Threat
Option #1
Do not keep on the laptop personal information that could be used to steal from you. Keep all that data on a separate flash drive that never leaves your possession.
Option #2
Never lose or have your laptop or tablet stolen. Very hard to do with such portable devices.
Option #3
Encrypt all files that have personal information. Windows encryption key is bound to the password of the user that is logged on when the file was encrypted. Even another user with administrator privileges can’t access such encrypted files.