“A security researcher has released an easy-to-use tool that accesses
locked Windows computers in seconds without entering a password.

The tool, which was released Tuesday by Adam Boileau, works by
connecting a Linux machine to the Firewire port of the target PC and
modifying the password protection that’s stored in local memory.

The attack exploits a well-known weakness in Firewire that makes it
easy for connected devices to read and write to the memory of the host
machine. Similar hacks work on machines running OS X and Linux (
see here).

Of course, the attack depends on having physical access to the targeted machine, and as most El Reg
readers know, anyone who has physical control of the PC owns it. Then
again, password protections have been a useful way to briefly secure a
machine while a user runs to the bathroom. Until now. As Boileau’s tool
makes clear, such protections can be bypassed in a matter of seconds.”

Read the rest of the article here :