The solution is as obvious as daylight, but here's what happens (at least for me on Windows Vista Business SP1): I was going to log onto my laptop this morning before I went to class, but I didn't. I did, however, type my password in its entirety. The computer was sitting at the logon screen because it had been restarted to install updates. I closed the lid, took the machine with me to class and opened it again. My password was still there, so anyone who had physical possession of the machine could have logged in without knowing my password had they pressed [ENTER].
Obviously, you shouldn't type your password and then not logon, but in the even that you do you could compromise your machine's security. I will bet money this screws over some stupid person either in corporate or government and results in a data breach.
Interesting Security "Flaw" I Found...
Interesting Security "Flaw" I Found...
Play
Q6600 @ 3.2GHz :: 8GB DDR2-800 :: eVGA 9800GX2 :: 7900GTX (secondary) :: abit IP35 Pro :: 150GB Raptor 10k RPM :: 2x750GB WD Caviar :: 120GB WD :: X-Fi XtremeMusic :: NEC 4551A :: BenQ DVD Combodrive (52x32x52) :: Dual 22" Acer AL2216W :: Thermaltake Armor Black :: Logitech Z5500 5.1
Work
Core 2 Duo @ 2.53GHz :: 4GB DDR3 @ 1067MHz :: 3670 :: Intel PM45 Chipset :: 500GB 5400RPM SATA :: Integrated Audio :: BD-ROM/DVD Burner :: 16" 1920x1080 RGBLED
Q6600 @ 3.2GHz :: 8GB DDR2-800 :: eVGA 9800GX2 :: 7900GTX (secondary) :: abit IP35 Pro :: 150GB Raptor 10k RPM :: 2x750GB WD Caviar :: 120GB WD :: X-Fi XtremeMusic :: NEC 4551A :: BenQ DVD Combodrive (52x32x52) :: Dual 22" Acer AL2216W :: Thermaltake Armor Black :: Logitech Z5500 5.1
Work
Core 2 Duo @ 2.53GHz :: 4GB DDR3 @ 1067MHz :: 3670 :: Intel PM45 Chipset :: 500GB 5400RPM SATA :: Integrated Audio :: BD-ROM/DVD Burner :: 16" 1920x1080 RGBLED
Re: Interesting Security "Flaw" I Found...
Users will always be the biggest security flaw.
Re: Interesting Security "Flaw" I Found...
I agree, you shouldn't blame Microsoft for people's stupidity.moon111 wrote:Users will always be the biggest security flaw.