Bugtraq mailing list archives

Re: ASUS mother board security question...

From: nick () VIRUS-L DEMON CO UK (Nick FitzGerald)
Date: Sun, 26 Sep 1999 17:04:27 +1200

The one to watch are the machines that allow remote shutdown via lan messages.
They have a password scheme, but its unencrypted


Nope -- the one to watch are those implementing the "reboot from LAN
image" option.

I think, today, that is none, but the PC98, etc specifications make
some hilarious reading -- hilarious, that is, if so many of the
things suggested as likely to be required in near-future updates of
the spec weren't so damn stupid/short-sighted.

The afterthought (expressed in a footnote to the "reboot from LAN
image" option) to the effect "it may be advisable to develop an
authentication mechanism for this feature" is a classic example of
the contempt in which security is held amongst designers at Richmond.

Regards,

Nick FitzGerald

Current thread:

LD_PROFILE local root exploit for solaris 2.6, (continued)
- - - LD_PROFILE local root exploit for solaris 2.6 Steve Mynott (Sep 22)
    - Re: LD_PROFILE local root exploit for solaris 2.6 Brock Sides (Sep 23)
    - Re: LD_PROFILE local root exploit for solaris 2.6 Erik Fichtner (Sep 23)
    - Announcing Second Annual TooRcon Computer Security Expo Ben (Sep 25)
    - Re: LD_PROFILE local root exploit for solaris 2.6 Casper Dik (Sep 24)
    - Re: LD_PROFILE local root exploit for solaris 2.6 Eric Daniel (Sep 28)
    - Re: LD_PROFILE local root exploit for solaris 2.6 Pavel Kankovsky (Sep 24)
    - Re: Vulnerability in dtaction on Digital Unix Dave Dittrich (Sep 22)
- ASUS mother board security question... Bob (Sep 16)
  - Re: ASUS mother board security question... Alan Cox (Sep 16)
    - Re: ASUS mother board security question... Nick FitzGerald (Sep 25)