i2 Security Blog

Keeping you upto date on the world of IT Security

i2 Security Blog - Keeping you upto date on the world of IT Security

Microsoft YouTube site pwned

The weekend saw Microsoft’s youtube presence hacked and content changed from helpful video’s to cartoons and advertising offers.

One of the uploaded videos, called Bingo, showed a character from the LA Noire video game shooting another animated figure in the head. Other videos called on YouTube visitors to post video responses, create new background images for the channel or provide sponsorship.

By midday GMT the site had been returned to normal.  Nobody is claiming to know how this hack took place, but the obvious theory is poor password security by a Microsoft employee.  There are also rumours circulating that the account and channel was actually created by a Microsoft fan before being handed over to Microsoft at a later date.  It could be that the account was still linked to the previous owners email and therefore a password change was easy to facilitate.

One heading on the channel also read, “I DID NOTHING WRONG I SIMPLY SIGNED INTO MY ACCOUNT THAT I MADE IN 2006 :/.”  So maybe there is something

Windows 7 God Mode

Today I received an email detailing the “Windows7 God Mode”. OK, so its not quite God Mode but it gives you all the Administrator tools you could dream in one place, just by creating a new folder. Yes I know it sounds odd but carry on reading and try, you’ll be amazed. I just hope server administrators don’t let their users run as local administrators otherwise ALL of these tools will be available to them now, oops!!

 

Start by creating a New Folder on the Desktop (right click and choose New Folder)

 

 

 

 

Then rename the folder to “GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}” (no inverted commas)

 

 

 

 

 

 

 

 

Once this is created it automatically populates with a huge number of useful Windows administrative tools which are ready to use.

Now this is really useful for windows admins, however you should also make sure that your users cannot create this file. If they can create it they will still need to have admin rights to use most of the tools, however it’s best not to give them the chance.