SAM file Vulnerability in Microsoft Windows OS !
I’m introducing this tip to explain to you the dangerous vulnerability in windows (2000 ,XP, Vista and WIN7 ) Local users accounts .
The important question here is: am I safe when using windows user account with a strong password ?
Does this password prevents other people see or access my own and very private files?
The answer is definitely NO !!!
Because of SAM file Vulnerability that microsoft insists to use in every OS version starting with windows 2000 till now.
The local accounts you create in windows are stored in SAM file that exists in the following path “C:Windows\System32\config” .
The good news is that the file is encrypted but the bad news is that there is a lot of third party tools that can clear any password stored in that file Offline (via booting from a boot disk or CD or USB drive that contains the crack tool ) , and if anyone managed to apply such software on your pc that means that he is able to login with a blank password . but wait a second the victim can easily discover that someone missed up the his or her password (this is good but too late ) because the attacker has got what he wanted.
Some clever Hackers uses another technique which is : copying your original SAM file to some safe place , then apply one of the third party tools, then reboot and enjoys accessing your files eventually he restore your original SAM file (which contains your Non-blank password) by overwriting the cracked SAM . this way you won’t even feel any change to your VERY SECURE PASSWORD !!!!.
Putting all in a nutshell , nothing is 100% secure , i suggest to take these these best practices in to your concedratin :
- Use Bios Password instead of windows password specially with laptops(in laptops Bios password can not be cracked or cleared by Jumper )
- Never leave your confidential data on the same hard disk drive of your pc , it is better to save them to external hard drives or USB sticks or DVD.
-Convert Fat32 drives to NTFS and Use Encrypting File System (EFS) feature to store files in an encrypted format on your hard disk.
-Some laptops has a hardware encryption chip that can encrypt data on hard disk drive.
-windows vista and 7 (Ultimate and Business Edition) has a new hard disk encryption feature called BitLocker that prevents a thief who boots another operating system or runs a software hacking tool from breaking Windows files .
on Jun 07, 2010 | PC Laptops