* Posts by Kimmo Rousku

1 publicly visible post • joined 12 Jun 2007

Windows recovery loophole lets hackers in

Kimmo Rousku

No new news?

As an orginal source of this article, I'd like to point out few things:

- there are millions of installation dvd's available, even typical end-user can now misuse it, you don't have to use Google to find suitable software, download it (and/or included trojan) and learn how to use it

- as mentioned, you can use WinPE to boot into cmd even without any mouse clicks, but typical end user doesn't know what are terms like WAIK, WinPE, ISO-disk etc. Also, shift + F10 in Vista setup - plenty to choose from.

- the only *real* solution is of course HD encryption / tight physical security, but why there are so many computers without encryption? Why there are so few TPM-ready desktops available? Who would like to save certificates into usb-memory? Why Windows Server 2008 includes BitLocker in every version but not in Vista Business for example? Encryption isn't that easy.


Of course this was not a news for security professionals, but this is a news for ordinary non security IT-professionals and end users. They don't understand, how easy it is crack into their system where they save their confidential information, and now it's even a little bit easerier, tnx to this installation-DVD.