Vulnerability Development mailing list archives

Re: Windows: Local Security Workarounds-DD


From: 11a () GMX NET (Bluefish)
Date: Sat, 8 Apr 2000 15:01:34 +0200


> before the password was enabled....I used the cmoskill and it got rid of
> ALL the passwords on the system, not just the bios password...it was
> entirely too easy...surely there must be a way around it....

Most systems (BIOSes) are not designed to cope with exposure to cracking
tools (the semi-fix is to use NT/Unix and disable floppy boots, not
entirely secure anyway [see the threads about physical security]).

A number of systems such as Thinkpad and a few desktop computers store
the passwords in some protected way (or at least, not in CMOS). For as
long as it is unknown how these systems work, it complicates analysis. The
main advantage is that it makes it less meaningful to steal the
computer; it does not improve the security of the data on the hard disk.

But to make the story short: no, as long as your hardware does not offer
some way of protecting your password (or password hash) it is next to
impossible for BIOS manufacturers to secure passwords. It's quite funny
that they haven't invested time in offering secured passwords, because
anyone who knows VHDL or Verilog could make some kind of "safe" in
a few lines of code where a BIOS could lock the password access once done
with it. That would render software attacks useless.

Regarding your softice problem, I didn't really understand what it was
doing. Perhaps someone with greater knowledge of softice could help you
out (a bit off-topic in vuln-dev, perhaps).

Regarding cracking cached passwords, won't simply cracking their
login passwords do? Then you could use some other utility to display all
cached passwords (software, details and theory on the subject are available
on the web, www.altavista.com).

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team
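The "safe" the post sketches, written out as an added Verilog example (this is not code from the original post or from any BIOS vendor): a password register whose comparison and write paths are gated by a sticky lock bit that only a hardware reset can clear. Module and signal names, the 64-bit width and the constructed test value are all assumptions; the point it demonstrates is that once the BIOS asserts the lock, software that runs later gets neither the stored secret nor a match/no-match oracle, which is what makes CMOS-dumping style attacks useless against it.

```verilog
// Added example, not from the original post: a sticky-lock "safe" for a
// BIOS password (or password hash). Names and widths are assumptions.
module password_safe #(parameter WIDTH = 64) (
    input  wire             clk,
    input  wire             rst_n,      // hardware/power-on reset only; no software path
    input  wire             wr_pw,      // BIOS loads the stored password/hash (before lock)
    input  wire [WIDTH-1:0] wr_data,
    input  wire             chk,        // request a comparison against `candidate`
    input  wire [WIDTH-1:0] candidate,
    input  wire             set_lock,   // BIOS asserts once it is done with the password
    output reg              match,      // result of the last comparison (never the secret)
    output reg              locked
);
    reg [WIDTH-1:0] stored;

    always @(posedge clk or negedge rst_n) begin
        if (!rst_n) begin
            stored <= {WIDTH{1'b0}};
            locked <= 1'b0;
            match  <= 1'b0;
        end else begin
            // The lock is sticky: once set, only a hardware reset clears it.
            if (set_lock)
                locked <= 1'b1;
            // Writes are honoured only while unlocked, so later software
            // cannot replace the password with one it knows.
            if (wr_pw && !locked)
                stored <= wr_data;
            // Comparisons are refused once locked: no oracle for software.
            if (chk && !locked)
                match <= (candidate == stored);
            else if (chk)
                match <= 1'b0;
        end
    end
    // Deliberately no output carries `stored`; the secret never leaves
    // the module, locked or not.
endmodule

// Testbench (constructed): load, verify, lock, then show both the
// comparison and the overwrite are refused after the lock is set.
module tb_password_safe;
    reg clk = 0, rst_n = 0, wr_pw = 0, chk = 0, set_lock = 0;
    reg [63:0] wr_data = 0, candidate = 0;
    wire match, locked;

    password_safe dut (.clk(clk), .rst_n(rst_n), .wr_pw(wr_pw), .wr_data(wr_data),
                       .chk(chk), .candidate(candidate), .set_lock(set_lock),
                       .match(match), .locked(locked));

    always #5 clk = ~clk;

    initial begin
        #12 rst_n = 1;
        // BIOS loads a constructed password hash before handing off.
        @(negedge clk) wr_pw = 1; wr_data = 64'hDEADBEEF_CAFEF00D;
        @(negedge clk) wr_pw = 0; chk = 1; candidate = 64'hDEADBEEF_CAFEF00D;
        @(negedge clk) chk = 0;
        #1 if (match !== 1'b1) $display("FAIL: expected match before lock");
        // BIOS is done with the password: engage the safe.
        @(negedge clk) set_lock = 1;
        @(negedge clk) set_lock = 0;
        #1 if (locked !== 1'b1) $display("FAIL: expected locked");
        // Software running after boot tries to compare and to overwrite.
        @(negedge clk) chk = 1; candidate = 64'hDEADBEEF_CAFEF00D;
        @(negedge clk) chk = 0; wr_pw = 1; wr_data = 64'h0;
        @(negedge clk) wr_pw = 0;
        #1 if (match !== 1'b0) $display("FAIL: comparison must be refused after lock");
        $display("done: locked=%b match=%b", locked, match);
        $finish;
    end
endmodule
```

Run it with any Verilog simulator (for example `iverilog -o safe password_safe.v && vvp safe`); the expected final line is `done: locked=1 match=0`. The design choice worth noting is that the lock gates the compare path as well as the write path: a register that merely hides the stored value but still answers "match?" would leave a guessing oracle open to whatever runs after the BIOS.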

