this post was submitted on 19 Dec 2023
1005 points (99.1% liked)

xkcd

8590 readers
138 users here now

A community for a webcomic of romance, sarcasm, math, and language.

founded 1 year ago
MODERATORS
[email protected]
1005
xkcd #2869: Puzzles (imgs.xkcd.com)
submitted 9 months ago by [email protected] to c/[email protected]
117 comments fedilink hide all child comments
 

https://xkcd.com/2869

Alt text:

Why couldn't the amulet have been hidden by Aunt Alice, who understands modern key exchange algorithms?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 50 points 9 months ago (3 children)

I can imagine you going *"Why didn't they just hit [Esc] to bypass the password prompt, open a DOS prompt and delete the password files in C:\Windows.pwl?"

(Yes, that was actually a thing you could do on early 90's Windows 3.0)

[–] [email protected] 24 points 9 months ago* (last edited 9 months ago) (1 children)

Same with Windows 95 and Windows 98. Those operating systems were not really designed with a proper concept of 'user accounts'

The password box wasn't supposed to prevent system access, it was to capture user credentials for networking, like remote fileshare access.

Pressing escape is just choosing to continue anonymously.

[–] [email protected] 7 points 9 months ago (1 children)

I believe even as far as XP and maybe 7 you could just make a new user account with admin privileges by creating it through command prompt and changing a single flag. I used this to get unfettered access to the remote hard drive server in high school and stole other people’s homework.

It’s no wonder I ended up going the GED route lmao

[–] [email protected] 2 points 9 months ago (1 children)

Yes, but getting to the cmd, you have to replace C:/windows/system32/utilman.exe with cmd.exe on 7+.

[–] [email protected] 2 points 9 months ago

I believe I wrote all the commands sequentially in a batch file because some well intentioned IT person blocked access to cmd, but had no restrictions for creating/executing .bat

[–] [email protected] 14 points 9 months ago

You didn't even need to do that. You could hold down the shift key to bypass some passwords, and just click cancel on others.

Early Windows had awful security.

[–] [email protected] 5 points 9 months ago (1 children)

Even now if someone has physical access to your Windows computer and it has a USB port, they will get through.

[–] [email protected] 5 points 9 months ago (2 children)

Not if you activated a BIOS password which blocks booting from USB (and can't be reset by jumpers or removing the CMOS battery on modern motherboards), or Bitlocker which blocks copying cmd.exe over the accessibility options.

[–] [email protected] 3 points 9 months ago

Well yeah. But that depends on a person doing it.

[–] [email protected] 2 points 9 months ago

I wonder how hard it would be to set up a machine so that it modifies or melts a USB drive being used like that.