Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Serious Security Breach Windows 7 Account! Need help!


18 Feb 2010   #1

Windows 7 Professional x64, Windows Server 2008 x64, Ubuntu 9.1
 
 
Serious Security Breach Windows 7 Account! Need help!

A classmate in my program in university has been able to log into my account after I locked my laptop to goto the bathroom. While I do not know any specifics or details. I can give the following Information.

1) ALL My Account Passwords have been reset to blank.
2) The Laptop was Restarted to do this
3) Im using Windows 7 Professional, with a Ubuntu 9.1 Installation on 2ndary boot.
4) My Ubuntu has a password that he does not know. I do not think he could have used it.
5) He does not know my password, he only wiped it somehow from the account.

He was able to log into my desktop in which I caught him just as he logged in. He was not able to tamper or have access to windows functions like control panel etc as he did not have the time to.

How can I prevent this from happening again and what did he do?

I googled Windows 7 Password Reset but I was not able to find any solutions that meet the above criteria. Im stumped and I do not like the idea of him being able to access my laptop if im not there.

***Solved***

My System SpecsSystem Spec
.

18 Feb 2010   #2

 

Change your passwords. There are a few different ways this could have been done on your machine... All in which I don't feel is appropriate to share on this forum due to security reasons.

Disabling auto run will probably do the trick...
My System SpecsSystem Spec
18 Feb 2010   #3

Windows 7 Professional x64, Windows Server 2008 x64, Ubuntu 9.1
 
 

My CD Tray and USB's were not used.

I want to prevent this from happening again. Either way I need to know what he did to prevent it. Can you please tell me what he did?
My System SpecsSystem Spec
.


18 Feb 2010   #4

 
 

Quote   Quote: Originally Posted by DarkAngelSent View Post
A classmate in my program in university has been able to log into my account after I locked my laptop to goto the bathroom. While I do not know any specifics or details. I can give the following Information.

1) ALL My Account Passwords have been reset to blank.
2) The Laptop was Restarted to do this
3) Im using Windows 7 Professional, with a Ubuntu 9.1 Installation on 2ndary boot.
4) My Ubuntu has a password that he does not know. I do not think he could have used it.
5) He does not know my password, he only wiped it somehow from the account.

He was able to log into my desktop in which I caught him just as he logged in. He was not able to tamper or have access to windows functions like control panel etc as he did not have the time to.

How can I prevent this from happening again and what did he do?

I googled Windows 7 Password Reset but I was not able to find any solutions that meet the above criteria. Im stumped and I do not like the idea of him being able to access my laptop if im not there.
Hello DarkAngelSent, and welcome to Windows Seven Forums!

Some basic security steps to take that will help here would be to secure the computer bios with a password. Also, for convenience during install, we sometimes set the CD-Rom as first in boot order. This would allow someone to use a CD to circumvent passwords. Set the Hard Drive as first in boot order to prevent this.

Use the password feature when your computer comes out of sleep or hybernation, or after the screen saver.

Enable the Default Administrator account and give the account a password. Then disable the account again.

Please let us know if you need help with these suggestions.

Cheers!
Robert
My System SpecsSystem Spec
18 Feb 2010   #5
Microsoft MVP

W 7 64-bit Ultimate
 
 

Hello DarkAngelSent, welcome to Seven Forums!

Here's an option in case you ever get "locked out" of your machine; see the snip below and follow the wizard prompts.

Name:  reset.JPG
Views: 30
Size:  31.8 KB


My System SpecsSystem Spec
18 Feb 2010   #6

 

Quote   Quote: Originally Posted by DarkAngelSent View Post
My CD Tray and USB's were not used.

I want to prevent this from happening again. Either way I need to know what he did to prevent it. Can you please tell me what he did?

Are you in a domain environment there? But like I said earlier, allowing you to "recreate" the breach would be unethical. Thus the reason the explanations for what this person may or may not have done is not really up for discussion.
My System SpecsSystem Spec
18 Feb 2010   #7

Windows 7 Professional x64, Windows Server 2008 x64, Ubuntu 9.1
 
 

I am not in a domain environment as it is my own laptop.

He did not have access to any windows controls, as he had circumvented it without the ability to log onto windows.

He did not utilize the CD Drive or USB Ports
Therefore he did not use the windows password recovery CD or other peripherals etc.

I have already put a bios password in as a precautionary step (as i know he had to reboot) And i have as recommended by the user above, placed my Hard drive as my primary boot device.

I also do not find the discussion of how he did this as unethical. This is after all my own machine, and as a Network Securities Student, one of the key points we are taught is that if we are not able to perform the security breaches or recreate it, we cannot learn from it or take steps and measures to prevent it. This being a Windows 7 Forum, I find that out of all the other places over the internet, THIS is the place one should/would discuss an issue like this as it pertains and has relevance to the operating system and configuring and securing the environment.
My System SpecsSystem Spec
18 Feb 2010   #8

W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
 
 

Check User Accounts and see if the Guest Account is enabled. If so, it probably isn't password protected.
My System SpecsSystem Spec
18 Feb 2010   #9

 
 

Quote   Quote: Originally Posted by DarkAngelSent View Post
I am not in a domain environment as it is my own laptop.

He did not have access to any windows controls, as he had circumvented it without the ability to log onto windows.

He did not utilize the CD Drive or USB Ports
Therefore he did not use the windows password recovery CD or other peripherals etc.

I have already put a bios password in as a precautionary step (as i know he had to reboot) And i have as recommended by the user above, placed my Hard drive as my primary boot device.

I also do not find the discussion of how he did this as unethical. This is after all my own machine, and as a Network Securities Student, one of the key points we are taught is that if we are not able to perform the security breaches or recreate it, we cannot learn from it or take steps and measures to prevent it. This being a Windows 7 Forum, I find that out of all the other places over the internet, THIS is the place one should/would discuss an issue like this as it pertains and has relevance to the operating system and configuring and securing the environment.
DAS;

Your point is well taken. Please consider from our point of view: breaking into someone else's computer IS unethical. We are not the place to educate people on HOW to break in to a computer, but we are willing to make suggestions on how to secure your computer.

If your assessment of the means of intrusion into your computer is correct, I can only think of two means of access: the Default Administrator account can be enabled without a password, so it needs to have a password so even if it is enabled, it cannot be accessed.

Second: a key logger might have been used to capture your password without your knowledge. It could be software or hardware.
My System SpecsSystem Spec
18 Feb 2010   #10

Windows 7 Professional x64, Windows Server 2008 x64, Ubuntu 9.1
 
 

The Administrator account has a password and was disabled during initial configuration.

There are no key loggers on my machine.

What really is stumping me is that he had to restart the machine to do this. This is leading me to beleive that he tampered with a windows file. Perhaps deleted a file containing the user account passwords in particular. (I dont know what windows calls it as i only know it for linux). Again he had no access to the windows environment itself. So i dont think a software keylogger would be something id account for. Nor did he have peripherals such as hardware keyloggers.
My System SpecsSystem Spec
Reply

 Serious Security Breach Windows 7 Account! Need help!




Thread Tools



Similar help and support threads for2: Serious Security Breach Windows 7 Account! Need help!
Thread Forum
Apple Developer portal breach credited to security researcher Security News
Security breach on the Ubuntu Forums Chillout Room
Visa, MasterCard Security Breach Security News
Security Breach? System Security
Security Breach or a Bug? System Security
Security Breach?? System Security
Apple's Worst Security Breach: 114,000 iPad Owners Exposed Chillout Room

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 02:08 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33