[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <C823AC1DB499D511BB7C00B0D0F0574C5843FB@serverdell2200.interclean.com>
Date: Tue, 9 Dec 2003 14:06:19 -0500
From: David Brodbeck <DavidB@...l.interclean.com>
To: 'jon schatz' <jon@...isionbyzero.com>
Cc: bugtraq@...urityfocus.com
Subject: RE: Dell BIOS DoS
> -----Original Message-----
> From: jon schatz [mailto:jon@...isionbyzero.com]
> seriously, bios passwords are worthless. there are numerous
> ways to get
> around them. most motherboards have a jumper that you can set
> to reset
> your cmos / bios (probably misusing one of those terms) to
> the factory
> defaults. or you can just yank the cmos battery out.
Once upon a time, Sun Sparcstations stored the password in the NVRAM chip.
This chip had an internal battery. If you lost the password, that was it,
the only official fix was to replace the NVRAM chip. (At least it was
socketed.) Even that turned out to not be a serious problem, though; it
turned out if you removed the chip entirely, the system would boot to the
ROM monitor. Then you could put the chip back in "hot" and clear the
password.
There is no such thing as security from someone who has physical access to
the hardware.
Powered by blists - more mailing lists