Message-ID: <C823AC1DB499D511BB7C00B0D0F0574C5843FB@serverdell2200.interclean.com>
Date: Tue, 9 Dec 2003 14:06:19 -0500
From: David Brodbeck <DavidB@...l.interclean.com>
To: 'jon schatz' <jon@...isionbyzero.com>
Cc: bugtraq@...urityfocus.com
Subject: RE: Dell BIOS DoS




> -----Original Message-----
> From: jon schatz [mailto:jon@...isionbyzero.com]

> seriously, bios passwords are worthless. there are numerous ways to get
> around them. most motherboards have a jumper that you can set to reset
> your cmos / bios (probably misusing one of those terms) to the factory
> defaults. or you can just yank the cmos battery out.

Once upon a time, Sun Sparcstations stored the password in the NVRAM chip.
This chip had an internal battery.  If you lost the password, that was it,
the only official fix was to replace the NVRAM chip.  (At least it was
socketed.)  Even that turned out to not be a serious problem, though; it
turned out if you removed the chip entirely, the system would boot to the
ROM monitor.  Then you could put the chip back in "hot" and clear the
password.

There is no such thing as security from someone who has physical access to
the hardware.

