Report Blog Entry
The short answer is.. Probably not
Okay, okay, so what am I on about?
TL;DR - Someone does not need your password to access your Windows account or your personal files/information/messages
Method 1:
An adversary could easily live boot into a system (they could boot your computer into a separate system that ignores Windows rules). In this system, one could access all of your photos, documents, musics, cookies, history, games, messages, etc. From here they could make a copy of all personal information. This could be done in the time it takes you to fix a sandwich.
Method 2:
An adversary could use Method 1 to gain access to a special system file called SAM that stores your password and security question answers. This would give them easier access to your files. Stealing this file could be done in the time it takes you to go to the bathroom. Then unattended, they could change your password using security questions and have full access to your account
Method 3:
An adversary could use Method 2 to completely remove the password from your account. Even better, they could use Method 2 to insert their own hidden user account with admin privileges and steal your files that way. If they did this, they could set up remote access and would be able to consistently login remotely, stealing files, keystrokes, passwords, etc.
What does this mean?
A few ways to deal with this threat:
- Encrypt sensitive information
- Don't keep extremely personal/private things on your computer
- Lock your BIOS settings and disable boot from USB
You might not care or may not have anything personal on your computer to worry about. Either way, one thing to always consider is the following question:
"Would I be okay with this file/picture/video/document being leaked?"
If the answer is no, it's probably best to have it encrypted or stored somewhere else other than your computer.
Comments
Displaying 0 of 0 comments ( View all | Add Comment )