«

I am not concerned about someone at home logging onto my
computer. However, the computer has wireless onboard and
dialup capability. So, when I am on the internet, either via
wireless or dialup, my question is:


Can someone logon to my computer's administrator account FROM
THE INTERNET, if I have only a default (blank) password or no
password on my administrator account?

nucleus <> writes:

> I am not concerned about someone at home logging onto my
> computer. However, the computer has wireless onboard and
> dialup capability. So, when I am on the internet, either via
> wireless or dialup, my question is:
>
>
> Can someone logon to my computer's administrator account FROM
> THE INTERNET, if I have only a default (blank) password or no
> password on my administrator account?

Blank/no password is nearly always a bad idea.

Whether someone from the internet can get to you depends on your home
network. Do you have a firewall or packet filtering router? If so,
the landlin network based threat is minimized, but there are other
reasons you should opt for a password.

One could sit out front of your house with a directional antenna,
disassociate your wireless computer from your access point, have your
computer happily reconnect to the attacker's rogue access point with
the same SSID whereby your passwordless admin account becomes trivial
pickins. The above scenario is achievable with freely available tools.

Setting aside locally proximate wireless attacks, there's also the
client-side to worry about--i.e. contracting driveyby infections in
your normal web surfing, thereby making the inbound protections of a
perimeter firewall a moot issue. Malware (including javascript borne
malware) these days doesn't mind scanning the local LAN for other
machines to compromise, which makes a password-free account on your
machine more vulnerable to various fangs of malware on your local
network than it would be with a password in place.