It looks like an old vulnerability that Microsoft never got around to fixing allows you to unlock Windows PCs with just a Linux box and a Firewire connection.  The story that was picked up on Slashdot links to a tool that is a proof of concept.  The person who discovered the flaw notified Microsoft about it years ago, but since there has been no fix, he has released it publicly.  Hopefully that will convince someone it is worth fixing.

Also of note is a project over at Hack a Day, where someone has designed a bootable USB stick to take advantage of the RAM data capture exploit that was announced last week.


“Adam Boileau, a security consultant based in New Zealand has released a tool that can unlock Windows computers in seconds without the need for a password. By connecting a Linux machine to a Firewire port on the target machine, the tool can then modify Windows’ password protection code and render it ineffective. Boileau said he did not release the tool publicly in 2006 because ‘Microsoft was a little cagey about exactly whether Firewire memory access was a real security issue or not and we didn’t want to cause any real trouble’. But now that a couple of years have passed and the issue has not resolved, Boileau decided to release the tool on his website.”

Here is some more Tech News from around the web:

Tech Talk