Bugtraq mailing list archives
Re: ASUS mother board security question...
From: nick () VIRUS-L DEMON CO UK (Nick FitzGerald)
Date: Sun, 26 Sep 1999 17:04:27 +1200
The one to watch are the machines that allow remote shutdown via lan messages. They have a password scheme, but its unencrypted
Nope -- the one to watch are those implementing the "reboot from LAN image" option. I think, today, that is none, but the PC98, etc specifications make some hilarious reading -- hilarious, that is, if so many of the things suggested as likely to be required in near-future updates of the spec weren't so damn stupid/short-sighted. The afterthought (expressed in a footnote to the "reboot from LAN image" option) to the effect "it may be advisable to develop an authentication mechanism for this feature" is a classic example of the contempt in which security is held amongst designers at Richmond. Regards, Nick FitzGerald
Current thread:
- LD_PROFILE local root exploit for solaris 2.6, (continued)
- LD_PROFILE local root exploit for solaris 2.6 Steve Mynott (Sep 22)
- Re: LD_PROFILE local root exploit for solaris 2.6 Brock Sides (Sep 23)
- Re: LD_PROFILE local root exploit for solaris 2.6 Erik Fichtner (Sep 23)
- Announcing Second Annual TooRcon Computer Security Expo Ben (Sep 25)
- Re: LD_PROFILE local root exploit for solaris 2.6 Casper Dik (Sep 24)
- Re: LD_PROFILE local root exploit for solaris 2.6 Eric Daniel (Sep 28)
- Re: LD_PROFILE local root exploit for solaris 2.6 Pavel Kankovsky (Sep 24)
- Re: Vulnerability in dtaction on Digital Unix Dave Dittrich (Sep 22)
- Re: ASUS mother board security question... Alan Cox (Sep 16)
- Re: ASUS mother board security question... Nick FitzGerald (Sep 25)