 Re: Can Any Password be compromised ?
"Vanguard" <no@mail.invalid> wrote in message
news:7vOdnbxeU8dg3A3bnZ2dnUVZ_rignZ2d@comcast.com. ..
> "invntrr" wrote in message news:t1Wji.2434$ZO4.1986@trndny05...
> >
> > "Vanguard" wrote ...
> >
> >> "invntrr" wrote ...
> >>>
> >>> Is it possible to power up and boot from CD?
> >>> I have seen programs that claim access that way
> >>
> >> Yep. That's how you got Windows XP installed in the first place.
> >> There
> >> are lots of LiveCD distros for Linux. BartPE's CD is bootable. As
> >> Sebastian already said, if you permit physical access to the host
> >> then
> >> it can be compromised. Why do you think the server room at the
> >> company
> >> remains locked?
> >>
> >>> I personally know of a device that is able to overlap bios making it
> >>> possible to make a bios password useless
> >
> > I should have said "I personally know of a device that is supposed
> > to
> > overlap bios making it
> > possible to make a bios password useless"
> >
> >> Since the BIOS runs first, no "overlap BIOS" program has yet run to
> >> obviate the action of the BIOS - that of requiring the system
> >> password.
> >> Booting from any device happens after the BIOS has already asked for
> >> the
> >> system password. BIOSes on daughtercards run after the system BIOS
> >> so
> >> they can't obviate the system BIOS, either.
> >>
> >> Name the purported BIOS "overlap" device so we know you really know
> >> what
> >> you claim to know.
> >>
> >
> > What I Claim to know is you seem like a pompous ass and demand I tell
> > you
> > anything.
>
> And meanwhile what you have proven is that you are "like a pompous ass
> and demand that anyone tells you anything" in response to YOUR question.
>
> > Would you agree that most computer cases are locked?
>
> No, and why it was suggested that you do so. Houses and cars have
> locks, too, but that merely keeps out the slightly malicious.
>
> > Would you agree that many people leave the computer on ?
>
> And your point? Never heard of a passworded screensaver or locking the
> terminal? Never heard of shutting down into hibernate mode? Depends on
> the people using THEIR computers as to how frightened they are of
> someone else gaining physical access to their computer.
>
> When you buy a car, it comes delivered with the locks unlocked. It's up
> to you when to decide to use those locks. If you want something other
> then the default setup, to do it.
>
> When you go grocery shopping, it's your choice whether or not to lock
> the car doors. Maybe you leave them unlock which was the same state as
> when you first got that car, so don't be surprised to find the dash
> gutted out when someone decided to ripoff your stereo. Would you leave
> your office unlocked with a wad of cash sitting on your desk? If the
> user walks away while leaving their computer powered on AND while still
> logged in then they chose to leave it unprotected.
>
> > Would you agree most computers look for A ( allowing D drive to be
> > accessed ) drive as a bios default?
>
> That is how the computer hardware is configured by default. The user
> can change it if they want. Are you saying that you are one of those
> boob users that haven't a clue about changing the boot drive order
> setting in BIOS?
>
> > If I were to pay lots of money for this alleged device, I
> > still need physical access to the computer
>
> Ah, so you really were lying about personally knowing of a device that
> bypasses the system BIOS
You could theoretically override the bios with specially designed card
in an old ISA slot, but I don't think it is possible with the PCI or
PCMCIA buses (it depends on the bridge chip set used - I don't think any
would allow that).
That seems to be what your life is all about. Isn't that true dude? Being
beter,knowing more and just out to prove the world is wrong about you..
I'm neither a lier or a no it all .. altough I would perfer the former to
the latter.
>
> > The answer to these questions would determine if
> > http://www.elfqrin.com/docs/biospw.html has any significance.
>
> So we're back to physically protecting the computer's physical contents
> so the malicious intruder can't get inside to move your hard drive to
> their computer so they can get at the contents of your hard drive.
>
> Have you actually TRIED any of those professed backdoor passwords to see
> if they work on YOUR computer?
>
> Flashing the BIOS (to remove the stored password because the flash
> program will also clear the CMOS table) requires getting past the BIOS
> password to then read the floppy to load the OS from which the flash
> program executes. So if the BIOS has a password then it comes up before
> the BIOS accesses the floppy looking for a boot record. So we're back
> to physically protecting the guts of the computer so the user cannot
> reset the BIOS to eliminate its startup password.
>
> Flashing via hardware. Well, we're back to physically protecting the
> computer again. Since you are super-paranoid, go build a bunker, put
> your computer inside along with generator, fuel, and battery backup
> along with food stores, walk inside and then have the entrance filled
> with concrete. That solves a couple problems. Of course, depending on
> how thick you made the walls and how impervious you make them to an EMF
> pulse or explosive blast, the sun going nova or a huge meteor impacting
> your bunker would probably still render computing undoable as either you
> or the computer or both will be dead. Nope, there's no absolute
> protection.
>
> > I feel (unlike you I have been wrong) that no data is safe. The
> > amount of
> > expense and effort determines what value you place on your Data,
>
> Um, starting to sound like you are more worried about others *looking*
> at your "data" rather than protecting it from loss since everyone knows
> about doing backups and securely safeguarding them off-site.
>
> > on the subject I bet this room you keep locked has a nickel and dime
> > lock on
> > the door.
>
> A stick of dynamite will blow away any computer room door, a car door, a
> house door, and <pick any property>. How likely something will be
> subverted depends on how much you are willing to expend on protecting
> it. If a simple lock through the side panel in the computer case is
> insufficient to thwart the expected thief or hack hazards in your area
> then also use the lock on the room's door, live alone and lock the
> house, or put mines under your carpet (I know one problematic user that
> would eliminate).
>
> > If a lock can't be cut ( a battery Dremel will do the job in 30
> > seconds) a
> > 3"-4" hole saw on a portable drill is quick,,, but if I have already
> > gained
> > access why not just rip the computer or at least take it to a
> > different area
> > ?
>
> So now the concern is more focused on others *looking* at your data.
> Hmm, wonder if we have a pedophile trying to hide his kiddie porn from
> the feds raiding his house, or if he is worried that his parents or
> employer can see what shouldn't be on THEIR computer that he is allowed
> to use.
>
> > A computer case offers the same protection as a used condom. One of
> > the
> > easiest things to do is remove the computers front.
>
> Interesting computer cases you are buying. Removing the front of my
> computer cases gives no access to removing the side panel if there is a
> lock on it except by doing physical damage to the case, much like
> blowing the house door off with a stick of dynamite. The front of the
> case is blocked in that the lower grill prevents you getting your
> fingers in and the screws to the hard drives are on the side so they
> aren't reachable from the front.
>
> Since it sounds like you are more scared about others seeing the
> *contents* of your files rather than protecting them from loss which is
> easy prevented with backups, try Googling on whole-disk encryption
> products. Or use something like TrueCrypt if you are only interested in
> hiding the contents of some files.
>
> > What's my point? It is that if I want your system and am willing to
> > pay
> > ...it's mine.
>
> And anyone bent on murdering you and willing to pay any price to get at
> you along with any consequences of killing you, if any, will end up
> killing you. You have become far too enamored with movies, like Mission
> Improbable.
Geez ... how did we get here???
>
> If someone lured you into visiting their web site, or otherwise got your
> IP address, they know who is your ISP. They then go get a job at that
> ISP and work their way into the networking environment to install a
> packet sniffer to ferret out your traffic. So your traffic isn't
> perfectly secure, either.
>
> So where's your car? On the street? Is it locked? Does that prevent
> it from being stolen? Does locking it in a garage prevent someone from
> breaking through the side door, forcing up the garage door, or breaking
> out a window to get inside to hotwire your car and drive it through the
> garage door to steal it?
>
> So because it is absolutely impossible to prevent anyone with enough
> means, patience, and determination from stealing your property means you
> shouldn't protect it at all? Uh huh. I'm beginning to feel like I'm
> talking to a kid living at home who couldn't give a gnat's fart about
> protecting anything to any degree because mommy and daddy will buy them
> another one. I'm also starting to wonder who really owns the computer
> that inventrr uses.
>
> > What's a working parent willing to pay to keep his kid off MY Space?
>
> You're running a porn site and worrying about keeping the kids away?
> Require a credit card to enter. Then the onus is off you because you
> have diverted the authentication that the user is an adult to the credit
> card company. The kids won't get in unless they use their parent's
> credit card (and then again it isn't your fault that they got in but
> instead the parents for not protecting and disciplining their children),
> and you'll also keep out the adults who would be offended by your
> content (i.e., if they went through the process of credit card
> authentication then they made deliberate effort to see your porn spew).
> I'm sure there are sites or forums of where to discuss how to legally
> protect your porn site but I don't run one so you'll have to go Googling
> for that info.
>
> > What's the NSA willing to spend to keep it's security?
>
> $3.6 billion.
>
> > Many like you assume everyone has enough knowledge to be literate with
> > computers but in the real world there are millions of working,single
> > moms
> > that still think computers will burn up if you just look inside ...
> > forget
> > passwords ... to them it's another world. Most computer literate
> > kids
> > know more then parents anyway.
>
> Right, and why allowing physical access to YOUR computer will mean it
> will get screwed over. Kids don't work so they have plenty of time to
> prod around to find a weakness. Of course, maybe they'll just stand
> behind your shoulder to watch you login. Get the kids their own
> computer and let them screw over themselves.
THAT'S PRECIOUS.
>
> The computers that YOU are talking about are general-purpose machines
> and as such will always have security vulnerabilities both in hardware
> and software. Special- or single-purpose computing appliances are much
> harder to attack or hack (but again not impossible). It's pretty
> difficult to hack into that calculator sitting in your desk and there
> wouldn't be much of a reward for doing so.
>  |