| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 08 Dec 2003 23:37:58 -0800 From: jon schatz <jon@...isionbyzero.com> To: James Evans <jae7@...igh.edu> Cc: bugtraq@...urityfocus.com Subject: Re: Dell BIOS DoS James Evans wrote: > This is not an incredibly serious problem as such, since a user can go > back into the BIOS setup and change the password there, provided the > BIOS Setup is not protected with an unknown password. Or, as a last > resort, Dell can be phoned to provide a master backdoor password, as > long as the user can prove herself the legal owner of the computer. Of > course, the prerequisite of physical access to the machine highly > mitigates this vulnerability. ...and once upon a time the default backdoor dell password was "dell". seriously, bios passwords are worthless. there are numerous ways to get around them. most motherboards have a jumper that you can set to reset your cmos / bios (probably misusing one of those terms) to the factory defaults. or you can just yank the cmos battery out. for your laptop, it might be a bit trickier, but you can usually get to the jumpers underneath the keyboard (at least on my old sager you could). hth. -jon -- jon@...isionbyzero.com || www.divisionbyzero.com gpg key: www.divisionbyzero.com/pubkey.asc think i have a virus? www.divisionbyzero.com/pgp.html "You are in a twisty little maze of Sendmail rules, all confusing."
Powered by blists - more mailing lists