Windows Vista sharing Bug – danger high!

February 19, 2008

I want to present here what I believe to be a bug in Windows Vista, presumably also in Windows XP.

In short: When you have your PC in a Windows network with mixed Linux computers (tested with Ubuntu 7.10), although you don’t share your USB flash drive, everybody on the network can access its files, write to it, and delete them. Bug danger: very high, security risk: very high!
I will now show you through images how this bug affects your computer:

Configuration: 2 Computers in a Windows Network:

1. Windows Vista PC

2. Ubuntu 7.10 PC using the Windows network through Samba.

Pictures:

untitled2.png

Here you can see that the USB Flash drive isn’t shared.

untitled3.png

The sharing setting under Windows Vista. Everything is off. No sharing of the drive.

Now we change to the Ubuntu-Linux computer.

screenshot10.png

These are the computers seen under Network (Samba) in Ubuntu. The Windows computer is the second one.

screenshot-12.png

In this picture you can see all the drives on the Windows machine: the shared ones and the unshared ones. Some can still be accessed, even if they are NOT shared under Windows. That is the USB flash drive from pictures 1 and 2.

screenshot-4-1.png

Accessing the unshared USB flash drive without any problems. You can read/write/delete files on it.

screenshot-6.png

Example of creating a folder on the USB flash drive.

Now I will show the denied access to an external HDD connected to the Windows machine, which cannot be accessed from Linux, as expected.

screenshot-8.png

Trying to access the external HDD.

screenshot-9.png

Access forbidden.

This bug was found by me, and I’m presenting it here, so the people using Windows Vista can contact Microsoft, so they can solve this critical security problem. I will also contact Microsoft, and tell them about this web page, so they can do something about this problem.

I also think that this bug can be found on Windows XP, but I cannot confirm that. Somebody willing to do that, also for other Windows Editions, can try and recreate it, and report what happens.
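For anyone recreating this, the following is an added example (not part of the original post) that lists, on the Windows machine itself, every disk share the system exports, including hidden ones, and marks those whose path sits on a removable drive. It assumes Windows PowerShell is installed and run by an administrator; the column names Hidden, Admin and OnRemovable are made up for this example.

```powershell
# Added example: compare what Windows really exports over SMB with what the
# Sharing tab shows. Uses only the standard WMI classes Win32_LogicalDisk
# and Win32_Share.

# Drive letters of removable disks (Win32_LogicalDisk.DriveType 2), e.g. "F:".
$removable = @(Get-WmiObject -Class Win32_LogicalDisk -Filter "DriveType = 2" |
    ForEach-Object { $_.DeviceID.ToUpper() })

# Win32_Share.Type: 0 = ordinary disk share,
#                   2147483648 = administrative disk share.
$diskShareTypes = @(0, 2147483648)

Get-WmiObject -Class Win32_Share |
    Where-Object { $diskShareTypes -contains $_.Type } |
    Select-Object Name, Path,
        # Share names ending in "$" are not shown when browsing the network
        # from Windows Explorer.
        @{ Name = 'Hidden'; Expression = { $_.Name.EndsWith('$') } },
        @{ Name = 'Admin';  Expression = { $_.Type -eq 2147483648 } },
        # True when the share path starts with a removable drive letter.
        @{ Name = 'OnRemovable'; Expression = {
               $_.Path.Length -ge 2 -and
               $removable -contains $_.Path.Substring(0, 2).ToUpper() } } |
    Sort-Object OnRemovable -Descending |
    Format-Table -AutoSize
```

If the flash drive's letter appears in this list while the Sharing tab shows it as not shared, that row is the export to investigate and include in a report.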

edit: Well, I tried to find out how the hell one can report a bug to Microsoft, and found this link: http://support.microsoft.com/gp/contactbug. It says I need to phone Microsoft??? What the hell. Spending my money on correcting Microsoft’s flaws? No thanks. Anyone willing, please do that instead of me. Thank you in advance.