[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Entering without a password...

To: OpenBSD Miscellaneous <misc@openbsd.org>
Subject: Re: Entering without a password...
From: "Oliver J. Morais" <oliver.morais@chello.at>
Date: Sat, 14 Feb 2004 10:24:59 +0100
Content-Disposition: inline
Organization: Mobile Infantry
References: <Pine.LNX.4.58.0402141425380.263@mayuresh.vsnl.com>
User-Agent: Mutt/1.5.5.1i

* Mayuresh Kathe <mayuresh@vsnl.com> [040214 09:58]:
> It outlines how a user can get in if s/he has forgoten the root password.
> Isn't it risky? so if someone has physical access to a machine they can
> easily get in.

Physical access is administrative access. Always.

> Is there anyway to override this behaviour?

Lock away your boxen? ;-)

> Then we can make a machine super secure by having a box without a floppy
> disk or a CD-ROM drive.

And anyone with pyhsical access can open the box and plug in a floppy,
CD-Rom, might even just plug in a USB/firewire CD-Rom and boot. Oh,
forget about BIOS passwords, there are always ways to reset these.
Or just put in a second harddisk in the box, boot from it and dd the
original disk so he/she can take it home for analysis and so on and
so on. Think about external key-loggers, just plugged in between the
box and the keybaord. And so on... Cruel, isn't it? }:->

regards,
oliver

References:
- Entering without a password...
  - From: Mayuresh Kathe <mayuresh@vsnl.com>

Prev by Date: Re: Entering without a password...
Next by Date: Re: Entering without a password...
Prev by thread: Re: Entering without a password...
Next by thread: Re: Entering without a password...
Index(es):
- Date
- Thread