| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri Apr 1 08:26:30 2005 From: frank_bussink at hotmail.com (Frank Bussink) Subject: IBM Laptop harddisk password bypass A feature badly configured or a bug on most of the IBM laptops T model and X model allows to access to the hard-disk without entering the password by using the WOL feature. (Tested on T40, T41, T42, X24, X30, X40 ) By default : WOL feature is on By default : Network boot order contains CD-ROM Most people enter the same bios and hard-disk password ( as 2 diffenrent passwords is too much for most users ) Step-by-step ############ - Plug-ins the power supply in the laptop - Insert a bootable CDrom (not a DOS one, but for example a WinPE or a WINXP made with Bart ) - Plug-In the network - OpenUp the laptop without powering it up. - Send from another computer a WOL packet ( my tool for Win32 http://frank.bussink.ch/download/wol.zip) with the mac address of the laptop - don't touch a key - after 90 seconds waiting the laptop will boot on the CD-ROM - so if the hard-disk is not encrypted you can now access the hard-disk data ! For Security Administrators : ########################## To secure the laptops, uncheck the WOL feature in the BIOS or if you need WOL capabilities, leave only the hard-disk in the Network boot order. The best will still to implement a hard-disk encryption solution. Have fun Frank _________________________________________________________________ FREE pop-up blocking with the new MSN Toolbar - get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
Powered by blists - more mailing lists