My Dell Windows XP PC had a sticker on it that said “Please hack me”.
Well, I didn’t see the sticker. Not for a while. I read a very basic article on hacking by Roger Grimes at Infoworld. He talked about passwords sniffed from wireless networks, their encryption broken in a matter of seconds. I thought it was too easy; it couldn’t be. I had to try it myself. I hopped over to insecure.org, downloaded Cain & Abel, installed it and was ready to go. Cain is a sniffer + cracker. I had to see for myself.
It took me less than five minutes to sniff the traffic on my private network, send it to the cracker and launch a dictionary attack on the SMB traffic collected. I found two vulnerable accounts, “Administrator” and “Guest”. Both accounts had *no* passwords. The Administrator account was especially worrisome – it never showed up under the account list in my XP Control Panel. I never even knew it existed. I had never logged into it (XP offers to create a user account with administrator privileges at install time). The Administrator account is also my system ‘root’, pardon my reliance on Unix jargon.
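The same audit the post describes, done from the defender’s side: an added PowerShell example (not from the original post) that lists local accounts which are enabled but require no password, and identifies the built-in Administrator and Guest accounts by their well-known RIDs (500 and 501) rather than by name, since either can be renamed. It assumes a modern Windows with the `Get-LocalUser` cmdlet, which XP did not ship.

```powershell
# Audit local accounts for the two conditions the post found:
# enabled with no password required, and the built-in
# Administrator (RID 500) / Guest (RID 501) accounts being enabled.

$builtIn = @{ '500' = 'Administrator (built-in)'; '501' = 'Guest (built-in)' }

$findings = foreach ($u in Get-LocalUser) {
    # The RID is the last component of the account SID.
    $rid = ($u.SID.Value -split '-')[-1]
    $role = if ($builtIn.ContainsKey($rid)) { $builtIn[$rid] } else { 'local user' }

    $issues = @()
    if ($u.Enabled -and -not $u.PasswordRequired) { $issues += 'no password required' }
    if ($u.Enabled -and $builtIn.ContainsKey($rid))  { $issues += 'built-in account enabled' }

    if ($issues.Count -gt 0) {
        [pscustomobject]@{
            Name   = $u.Name
            Role   = $role
            RID    = $rid
            Issues = ($issues -join '; ')
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'No enabled accounts without a password; built-in Administrator and Guest are disabled.'
}
```

Run it from an elevated prompt; to close the gap the post found, `Disable-LocalUser -Name <account>` (or setting a password) is the equivalent of peeling the sticker off.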
Disappointed in myself, I quickly peeled the sticker off by disabling the two accounts. Maybe I can fix the vulnerability comprehensively by eliminating my dependence on Windows entirely.