No new news?
As an orginal source of this article, I'd like to point out few things:
- there are millions of installation dvd's available, even typical end-user can now misuse it, you don't have to use Google to find suitable software, download it (and/or included trojan) and learn how to use it
- as mentioned, you can use WinPE to boot into cmd even without any mouse clicks, but typical end user doesn't know what are terms like WAIK, WinPE, ISO-disk etc. Also, shift + F10 in Vista setup - plenty to choose from.
- the only *real* solution is of course HD encryption / tight physical security, but why there are so many computers without encryption? Why there are so few TPM-ready desktops available? Who would like to save certificates into usb-memory? Why Windows Server 2008 includes BitLocker in every version but not in Vista Business for example? Encryption isn't that easy.
====
Of course this was not a news for security professionals, but this is a news for ordinary non security IT-professionals and end users. They don't understand, how easy it is crack into their system where they save their confidential information, and now it's even a little bit easerier, tnx to this installation-DVD.
Biting the hand that feeds IT
