Vulnerability Development mailing list archives
Re: local security workaround through IE
From: sarnold () WILLAMETTE EDU (Seth R Arnold)
Date: Wed, 5 Apr 2000 20:30:00 -0700
* Bluefish <11a () GMX NET> [000405 17:04]:
Well, no. Say you are at a library; the BIOS is protected by a password.. place is busy, people around you, librarians watching.. are you going to be able to open up the case, reset the BIOS (even via other methods), boot a disk, circumvent the security? No.Uhm, you are assuming that every terminal is placed so that everyone has a clear view of it, and that the library always is crowded. I'm aware of people who actually have attacked public terminals. It is an error of judgement to assume that computers which aren't physically secured.
I feel I should also point out social engineering attacks -- so you show up wearing a semi-nice looking outfit, a toolbox, clipboard with a grid on it and names of locations, etc... and if anyone asks why you are cracking a computer open, claim "I'm the new guy." Low risk -- say they no there is no new-guy -- you walk away. If they don't know, they *watch you crack open the BIOS and do whatever*. No physical security --> no security. -- Seth Arnold | http://www.willamette.edu/~sarnold/ Hate spam? See http://maps.vix.com/rbl/ for help
Current thread:
- Re: local security workaround through IE Seth R Arnold (Mar 31)
- <Possible follow-ups>
- Re: local security workaround through IE WHiTe VaMPiRe (Mar 31)
- Re: local security workaround through IE Matthew S. Hallacy (Apr 03)
- Re: local security workaround through IE Bluefish (Apr 05)
- Re: local security workaround through IE WHiTe VaMPiRe (Apr 05)
- Re: local security workaround through IE Seth R Arnold (Apr 05)
- Novell 32bit Client , Passwords Michael Sanders (Apr 06)
- Re: Novell 32bit Client , Passwords Seth R Arnold (Apr 06)
- Re: Novell 32bit Client , Passwords Andrew Griffiths (Apr 06)
- Re: local security workaround through IE Andrew Bennieston (Apr 08)
- Re: local security workaround through IE Mr Jason C Hill (Apr 06)
- Award BIOS passwords (was Re: local security workaround through IE) Robert A. Seace (Apr 06)
- Re: Award BIOS passwords (was Re: local security workaround through IE) jnzero (Apr 07)