Vulnerability Development mailing list archives
Re: Windows: Local Security Workarounds-DD
From: 11a () GMX NET (Bluefish)
Date: Sat, 8 Apr 2000 15:01:34 +0200
before the password was enabled....I used the cmoskill and it got rid of ALL the passwords on the system, not just the bios password...it was entirely too easy...surely there must be a way around it....
Most systems (BIOSes) are not designed to cope with exposure to cracking tools (the semi-fix is to use NT/Unix and disable floppy boots, not entirely secure anyway [see the threads about physical security]). A number of systems such as Thinkpad and a few desktop computers stores the passwords in some protected way (or at least, not in CMOS). For as long as it is unknown how these system works, it complicates analysis. The main advantage is that it makes it less meaningfull to steal the computer, it does not improve the security of the data on harddisk. But to make the story short: no, as long as your hardware does not offer some way of protecting your password(or password hash) it is next to impossible for BIOS manufacturers to secure passwords. It's quite funny that they haven't invested time in offering secured password, because anyone who knows VHDL or Verilog could make some kind of "safe" in a few lines of code where a bios could lock the password access once done with it. That would render software attacks useless. Regarding your softice problem, I didn't really understand what it was doing. Perhaps someone with greater knowledge of softice could help you out (a bit off-topic in vuln-dev, perhaps) Regarding cracking cached passwords, won't simply cracking their loginpasswords do? then you could use some other utility to display all cached passwords (software, details and theroy on the subject is available on the web, www.altavista.com). ..:::::::::::::::::::::::::::::::::::::::::::::::::.. http://www.11a.nu || http://bluefish.11a.nu eleventh alliance development & security team
Current thread:
- Windows: Local Security Workarounds - Other operating systems? WHiTe VaMPiRe (Apr 06)
- Windows: Local Security Workarounds-DD Diedra Holley (Apr 07)
- Re: Windows: Local Security Workarounds-DD Bluefish (Apr 08)
- Re: Windows: Local Security Workarounds-DD H D Moore (Apr 08)
- Windows: Local Security Workarounds-DD Diedra Holley (Apr 07)