XP home Administrative Password Hacked Over internet..HOW?

Guest

A friend of mine informed me that her Win XP Home administrative password has
been hacked. Her son was playing Runescape and annoyed another player. The
other player, in turn, hacked into her computer and changed her
administrative password. At least that is the theory. The theory holds some
water because she said that she can access the password hint question and
it has been changed to HAHAHmother!#$%ers.

Her Windows is fully updated.

My question is, how was it done? What settings are most likely the cause of
the security breach?

And how about a list like "Top 10 things you should do after reinstalling
XP to secure your PC"?
 
C J.

Yerdun said:
A friend of mine informed me that her Win XP Home administrative
password has been hacked. Her son was playing Runescape and annoyed
another player. The other player, in turn, hacked into her computer
and changed her administrative password. At least that is the theory.
The theory holds some water because she said that she can access the
password hint question and it has been changed to HAHAHmother!#$%ers.

Her Windows is fully updated.

My question is, how was it done? What settings are most likely the
cause of the security breach?

And how about a list like "Top 10 things you should do after
reinstalling XP to secure your PC"?

Hi Yerdun,

The list of things to do is a long one. Getting web smart is at the top of
the list for both Mom and her kid. Obviously, the person the kid ticked
off took advantage of lax security settings they found on the mom's
computer system, and then they made changes to her administrator account
while he was online. Sounds like it might have been done by some kind of
script he ran against their IP number. Do you know if he accepted any files
from anyone in the Game area or not? Just based on the Hint Question he
modified... the guy could have inserted a password in there you'll never
figure out.

1 Place to visit to learn how to bone up a PC's security:

www.blkviper.com <- this guy knows his stuff about setting Windows XP Home
and Pro up safely. I wish more folks would take a look at his site and
then put some of his "services.msc" recommendations to use where they're
applicable to their PC's XP configuration and security.

Make sure they have a good software Firewall, and have it set up to notify
them when any unauthorized connection is being attempted to resources or
services on their system - and from where.

After getting the Administrator account password reset to a pass phrase,
rename the account from "Administrator" to Spongebob or Fred or some other
name she chooses.

If applicable: also rename and disable the built-in GUEST account. This can
be done from inside of Computer Management in Administrative Tools: Computer
Management, Local Users and Groups, Users folder.

In Administrative Tools, Local Security Settings, Security Options... Scroll
down to, and check the following settings:

1. 'Network Access: Allow Anonymous SID/Name translation' is set to
DISABLED.

And

2. 'Network Access: Do Not Allow Enumeration of SAM Accounts' is ENABLED.

I can't think of anything else at the moment. Perhaps some other folks will
give you some more input.
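
Added example, not part of the thread: a Python check that audits the account and anonymous-access settings listed in the reply above. It assumes the policy has been exported to text with `secedit /export /cfg` on a Windows edition that ships that tool; the export below is a constructed sample, and a missing setting is treated as failing.

```python
# Constructed sample of a `secedit /export /cfg` policy export (not from the thread).
SAMPLE_EXPORT = """\
[System Access]
EnableGuestAccount = 1
NewAdministratorName = "Administrator"
NewGuestName = "Guest"
LSAAnonymousNameLookup = 1
[Registry Values]
MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\RestrictAnonymousSAM=4,0
"""

def parse_export(text):
    """Return {key: value} for every `key = value` line, keys lower-cased."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("[", ";")) or "=" not in line:
            continue  # skip blanks, section headers and comments
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip('"')
    return settings

def audit(text):
    """Return the checklist items from the reply that the export does not satisfy."""
    s = parse_export(text)
    findings = []
    if s.get("newadministratorname", "Administrator").lower() == "administrator":
        findings.append("built-in Administrator account not renamed")
    if s.get("newguestname", "Guest").lower() == "guest":
        findings.append("built-in Guest account not renamed")
    if s.get("enableguestaccount", "1") != "0":
        findings.append("Guest account not disabled")
    if s.get("lsaanonymousnamelookup", "1") != "0":
        findings.append("anonymous SID/Name translation not disabled")
    # Registry values are exported as "type,data"; type 4 is REG_DWORD.
    key = r"machine\system\currentcontrolset\control\lsa\restrictanonymoussam"
    if s.get(key, "4,0").split(",")[-1].strip() != "1":
        findings.append("anonymous enumeration of SAM accounts not restricted")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print("FAIL:", finding)
```
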
 
