Vulnerability Development mailing list archives

Re: local security workaround through IE


From: 11a () GMX NET (Bluefish)
Date: Wed, 5 Apr 2000 14:34:41 +0200


      Well, no.  Say you are at a library; the BIOS is protected by a
password.. place is busy, people around you, librarians watching.. are
you going to be able to open up the case, reset the BIOS (even via other
methods), boot a disk, circumvent the security?  No.

Uhm, you are assuming that every terminal is placed so that everyone has a
clear view of it, and that the library always is crowded. I'm aware of
people who actually have attacked public terminals. It is an error of
judgement to assume that computers which aren't physically secured.

Let's say that a publicly accessible terminal would be e.g. a Toshiba laptop,
an IBM Aptiva, or an Award 4.50PG. Great, you set a password to BIOS. Now
you are assuming that people need to take the time to open up the
computer to boot from floppy. What you don't know is that the manufacturer
chose to install backdoors in the computer, and that among your attackers
this is known. What the administrator calculated couldn't be done without
notice is a 2 minute attack which can be semi-automated.

All these possibilities add up to that a threat model does not cover all
threats if it assumes a computer cannot be "cracked" locally just because
it is (moderately) supervised. The risks are too high for an attacker, an
administrator might think; to a young "cracker" the risks might be just
what makes it worth it for him to give it a try. Therefore, it is my opinion
that in libraries, schools etc. the administrators should *ASSUME* that all
workstations have been "rooted". Some administrators don't, and you
sometimes see the effects of that by massive virus infections. "It's the
users' fault!", "How did the users infect the protected files on the
network?", no answer.

Therefore, the security policy should forbid all kinds of sensitive use
from computers which aren't in a room locked whenever the assigned workers
aren't using the room. And supervisor work should be allowed from
dedicated secured terminals only. It's really basic, but most companies and
organizations are far from it. Even if an organization has experienced
attacks, they often don't do more than update their "Terms of usage".

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team

