Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: local security workaround through IE

From: sarnold () WILLAMETTE EDU (Seth R Arnold)
Date: Wed, 5 Apr 2000 20:30:00 -0700

* Bluefish <11a () GMX NET> [000405 17:04]:

    Well, no.  Say you are at a library; the BIOS is protected by a
password.. place is busy, people around you, librarians watching.. are
you going to be able to open up the case, reset the BIOS (even via other
methods), boot a disk, circumvent the security?  No.


Uhm, you are assuming that every terminal is placed so that everyone has a
clear view of it, and that the library always is crowded. I'm aware of
people who actually have attacked public terminals. It is an error of
judgement to assume that computers which aren't physically secured.


I feel I should also point out social engineering attacks -- so you show
up wearing a semi-nice looking outfit, a toolbox, clipboard with a grid
on it and names of locations, etc... and if anyone asks why you are
cracking a computer open, claim "I'm the new guy."

Low risk -- say they no there is no new-guy -- you walk away. If they
don't know, they *watch you crack open the BIOS and do whatever*.

No physical security --> no security.

--
Seth Arnold | http://www.willamette.edu/~sarnold/
Hate spam? See http://maps.vix.com/rbl/ for help
Previous By Date Next
Previous By Thread Next

Current thread: