Serious Security Breach Windows 7 Account! Need help!


  1. Posts : 2,736
    ...
       #11

    DarkAngelSent said:
    The Administrator account has a password and was disabled during initial configuration.

    There are no key loggers on my machine.

    What really is stumping me is that he had to restart the machine to do this. This is leading me to believe that he tampered with a Windows file. Perhaps deleted a file containing the user account passwords in particular. (I don't know what Windows calls it, as I only know it for Linux.) Again, he had no access to the Windows environment itself. So I don't think a software keylogger would be something I'd account for. Nor did he have peripherals such as hardware keyloggers.

    Well ... if I may be allowed to joke with you (in a totally friendly way) unless he had a "magic wand", there is no way he could log in to your computer, either Linux or Windows, without your password, or some external operating system.

    BTW this tutorial is a legit way to enable the Default Administrator Account when one has damaged his computer and no longer has any administrator rights with any user accounts. That is why I recommend giving the special account a password. User Account Password - Change from WinRE

    Cheers!
    Robert


  2. Posts : 6,618
    W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
       #12

    Your mention of Linux makes me wonder if you are dual booting with a Linux distro? If so, and he could access that, he could read Windows files with it. I'm not certain, but I think that could be done with a Linux Live CD.


  3. Posts : 1,426
    7 Pro
       #13

    I think this thread has gone far enough with information relating to certain access points.


  4. Posts : 3,300
    Win7 Home Premium 64x
       #14

    Encrypt the hard drive, like with www.truecrypt.org


  5. Posts : 3,300
    Win7 Home Premium 64x
       #15

    If you think he could get into the boot menu or BIOS, you can disable the keys on startup like...you will not be able to use them either if you need to though.

    Edit apologies: Sorry Brady, I didn't read your post. I was trying to offer a way to protect, not bring up security flaws and whatnot.


  6. Posts : 3,300
    Win7 Home Premium 64x
       #16

    There are also programs like Eraser to get rid of sensitive data so it can't be dug up from your computer if it is compromised. Or get a program to create an encrypted vault for your files. If you think he might have a program to hack your password, remember the longer the pass the better. Even if he could decrypt your password, if it's 20 chars long, it will take him months(?) to crack it as opposed to days(?) for a 6 alphanumerics.


  7. wee
    Posts : 101
    XP/W7/Lucid/Arch
       #17

    A reboot with a Hiren's bootable CD and use of tools would make any of the problems possible. Also a Live Ubuntu CD would give full access as well, and it is easy to reset the Ubuntu password from a command line on boot.

    I would report this person to the proper authority if it is relevant.


  8. Posts : 499
    Windows 7 Ultimate 64Bit
       #18

    DarkAngelSent said:
    My CD Tray and USB's were not used.

    I want to prevent this from happening again. Either way I need to know what he did to prevent it. Can you please tell me what he did?

    Did you ask him what he did? Did you bring it to a higher authority?
    Is this your own personal computer? If it is ... Well Then ......


  9. Posts : 8
    Windows 7 Professional x64, Windows Server 2008 x64, Ubuntu 9.1
    Thread Starter
       #19

    Yea I had a gut feeling he used my Ubuntu to access my Windows files. But I have a secure alphanumeric password for both the root and my account pass on my Ubuntu as well as my W7. I have already set a BIOS password as well and set my HDD as my primary boot device.

    As for reporting him: while I am a bit pissed that he tampered with a configuration without telling me first (i.e. delete my account passwords), it's just something he does. He's a classmate and we both study in the network securities field, i.e. he does it to try to motivate me to keep updated on security flaws and weaknesses. This is why he won't tell me exactly what he did. Unfortunately, I cannot seem to figure out what he did and it's unnerving that he can break into my account when he pleases (though I have the BIOS passwd set now). The methods for "resetting" the Windows password do not meet the criteria of events and procedures he used.

    If this issue really is a "flaw" or weakness in the operating system, I would think that this knowledge should be public knowledge so that the community and people around the world can work to protect themselves. While I understand why some users are compelled to keep this under wraps, if you hide these weaknesses, you're basically just saying, "Yea ok, there's a problem, but we're not gonna tell you what the problem is." One of the first things they teach us is that obscurity is the worst form of network security. If these people know about this weakness, they must have learned it somewhere, and if that flow of information and education stops, the new generation of security admins will not have the proper education to protect the systems they are hired to protect. I cannot help but feel that this is more than just an attempt at obscurity, as the logic behind the argument to me is flawed based on the security through obscurity principle. Instead (while intentional or unintentional) the feeling of oppressing the learning and education of emerging students in regards to that information can only serve to increase the gap between amateurs and professionals.

    As I see it, security breaches like this are like a festering wound. If you leave it unattended for too long, it'll become worse and worse. Ignoring it and withholding treatment does nothing to serve the community. With that in mind, I think it's unethical to withhold this kind of information that the community of users have a right to know about to protect themselves with.

    Thank you Iseeuu. The method you described seems to fit the criteria. I'll explore into this in greater detail and get back to you with my results. :)


  10. Posts : 1,289
       #20

    Yeah, he used your Ubuntu OS to bypass your login. Following this guide to reset an Ubuntu password is quite trivial because recovery mode drops you into a root shell by default without requiring a password.

    I recommend removing Ubuntu.

    How to reset your password in Ubuntu
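
A defensive check for the recovery-mode issue raised in post #20, added here as an example and not posted by any thread participant: a shell function that reports whether a GRUB 2 config requires a password before entries can be edited, and whether a recovery entry is left bootable without one. The helper names, the sample configs and the placeholder hash are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a GRUB 2 grub.cfg for boot-time
# password protection. audit_grub_cfg / write_samples are hypothetical names.

audit_grub_cfg() {
    cfg=$1; status=0
    # "set superusers=..." enables GRUB authentication: without it anyone at
    # the menu can edit an entry or open the GRUB command line.
    if ! grep -Eq '^[[:space:]]*set[[:space:]]+superusers=' "$cfg"; then
        echo "FAIL no-superusers"; status=1
    fi
    # The superuser needs a password line; password_pbkdf2 is the hashed form.
    if ! grep -Eq '^[[:space:]]*password_pbkdf2[[:space:]]' "$cfg"; then
        echo "FAIL no-password_pbkdf2"; status=1
    fi
    # A recovery entry flagged --unrestricted boots without the GRUB password,
    # which leaves the recovery-mode root shell reachable.
    if grep -E '^[[:space:]]*menuentry[[:space:]]' "$cfg" \
        | grep -i 'recovery' | grep -q -- '--unrestricted'; then
        echo "FAIL recovery-unrestricted"; status=1
    fi
    if [ "$status" -eq 0 ]; then echo "OK"; fi
    return "$status"
}

# Constructed sample configs (not real grub.cfg files; the hash is a placeholder).
write_samples() {
    cat > "$1/open.cfg" <<'EOF'
menuentry 'Ubuntu' { linux /vmlinuz root=/dev/sda1 ro quiet }
menuentry 'Ubuntu (recovery mode)' { linux /vmlinuz root=/dev/sda1 ro recovery }
EOF
    cat > "$1/locked.cfg" <<'EOF'
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.CONSTRUCTED-PLACEHOLDER
menuentry 'Ubuntu' --unrestricted { linux /vmlinuz root=/dev/sda1 ro quiet }
menuentry 'Ubuntu (recovery mode)' { linux /vmlinuz root=/dev/sda1 ro recovery }
EOF
}

if [ "$#" -gt 0 ]; then
    audit_grub_cfg "$1"          # audit the file given on the command line
else
    dir=$(mktemp -d); write_samples "$dir"
    for f in open locked; do
        echo "== $f.cfg"; audit_grub_cfg "$dir/$f.cfg" || true
    done
    rm -rf "$dir"
fi
```

A GRUB password only covers the installed boot loader; booting other media is governed by the BIOS password and boot order the thread starter mentions, and by disk encryption as suggested in post #14.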