Vulnerability Development mailing list archives
Re: local security workaround through IE
From: 11a () GMX NET (Bluefish)
Date: Wed, 5 Apr 2000 14:34:41 +0200
Well, no. Say you are at a library; the BIOS is protected by a password.. place is busy, people around you, librarians watching.. are you going to be able to open up the case, reset the BIOS (even via other methods), boot a disk, circumvent the security? No.
Uhm, you are assuming that every terminal is placed so that everyone has a clear view of it, and that the library always is crowded. I'm aware of people who actually have attacked public terminals. It is an error of judgement to assume that computers which aren't physically secured. Lets say that a public accessable terminal would be e.g. a toshiba laptop, an IBM aptiva, or an Award 4.50PG. Great, you set a password to bios. Now you are assuming that people needs a to take the time to open up the computer to boot from floppy. What you don't know is that the manufacturer chosed to install backdoors in the computer, and that among your attackers this is known. What the administrator calculated couldn't be done without notice is a 2 minute attack which can be semi-automated. All these possibilities adds up to that a threat model does not cover all threats if it assumes a computer cannot be "cracked" locally just because it is (moderatly) supervised. The risks are too high for an attacker an administrator might think, to a young "cracker" the risks might be just what makes it worth for him to give it a try. Therefore, it is my opinion that in libraries, schools etc the administrators should *ASSUME* that all workstations have been "rooted". Some administrators don't, and you sometimes see the effects of that by massive virus infections. "It's the users fault!", "How did the users infect the protected files on the network?", no answer. Therefore, the security policy should forbidd all of kinds sensitive use from computers who aren't in a room locked whenever the assigned workers aren't using the room. And supervisor work should be allowed from dedicated secured terminals only. It really basic, but most companies and organizations are far from it. Even if an organization has experienced attacks, they often don't do more that update their "Terms of usage". ..:::::::::::::::::::::::::::::::::::::::::::::::::.. http://www.11a.nu || http://bluefish.11a.nu eleventh alliance development & security team
Current thread:
- Re: local security workaround through IE Seth R Arnold (Mar 31)
- <Possible follow-ups>
- Re: local security workaround through IE WHiTe VaMPiRe (Mar 31)
- Re: local security workaround through IE Matthew S. Hallacy (Apr 03)
- Re: local security workaround through IE Bluefish (Apr 05)
- Re: local security workaround through IE WHiTe VaMPiRe (Apr 05)
- Re: local security workaround through IE Seth R Arnold (Apr 05)
- Novell 32bit Client , Passwords Michael Sanders (Apr 06)
- Re: Novell 32bit Client , Passwords Seth R Arnold (Apr 06)
- Re: Novell 32bit Client , Passwords Andrew Griffiths (Apr 06)
- Re: local security workaround through IE Andrew Bennieston (Apr 08)
- Re: local security workaround through IE Mr Jason C Hill (Apr 06)