Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Dell BIOS DoS

Dell BIOS DoS

From: Ross Draper <Ross.Draper_at_musicradio.com>
Date: Tue, 9 Dec 2003 20:08:31 -0000

I agree with your points Jon, but lets be fair here, BIOS passwords do
have a use - especially on laptops.

Although nobody in there right mind would rely on them as the sole
protection for a machine, they are certainly worthwhile both as a
deterrant to the casual snooper and as a delaying tactic to your average
criminal.

At the very least they can buy a couple of hours for the end-user to
contact his/her IT department to block any dial-in accounts and reset
any passwords that may be compromised... assuming they remember to call
you that is ;-)

Cheers

Ross

_____________________________________________
From: jon schatz <jon_at_divisionbyzero.com>@RADIO
Sent: 09 December 2003 07:38
To: James Evans
Cc: bugtraq_at_securityfocus.com
Subject: Re: Dell BIOS DoS

 
James Evans wrote:
> This is not an incredibly serious problem as such, since a user can go
> back into the BIOS setup and change the password there, provided the
> BIOS Setup is not protected with an unknown password. Or, as a last
> resort, Dell can be phoned to provide a master backdoor password, as
> long as the user can prove herself the legal owner of the computer. Of
> course, the prerequisite of physical access to the machine highly
> mitigates this vulnerability.

...and once upon a time the default backdoor dell password was "dell".

seriously, bios passwords are worthless. there are numerous ways to get
around them. most motherboards have a jumper that you can set to reset
your cmos / bios (probably misusing one of those terms) to the factory
defaults. or you can just yank the cmos battery out. for your laptop, it
might be a bit trickier, but you can usually get to the jumpers
underneath the keyboard (at least on my old sager you could).

hth.

-jon 

--
jon_at_divisionbyzero.com || www.divisionbyzero.com
gpg key: www.divisionbyzero.com/pubkey.asc
think i have a virus? www.divisionbyzero.com/pgp.html
"You are in a twisty little maze of Sendmail rules, all confusing."
GWR on the Web
http://www.musicradio.com                           http://www.classicfm.com
	
http://www.corefreshhits.com                    http://www.planetrock.com
http://www.opusonline.co.uk                         http://www.gwrgroup.com
CONFIDENTIALITY NOTICE
***************************************************************************
The information in this e-mail and any attachments to it is confidential
and may be legally privileged or prohibited from disclosure and
unauthorised use. If you are not the intended recipient, any  use, copying,
disclosure, modification, distribution and/or publication of this 
message or its attachments (if any) is prohibited and may be unlawful.
We will not accept liability for any claims arising as a result
of the use of the internet to transmit information by or to GWR Group plc.
***************************************************************************
The information in this e-mail and any attachments to it is confidential
and may be legally privileged or prohibited from disclosure and
unauthorised use. If you are not the intended recipient, any  use, copying,
disclosure, modification, distribution and/or publication of this 
message or its attachments (if any) is prohibited and may be unlawful.
We will not accept liability for any claims arising as a result
of the use of the internet to transmit information by or to GWR Group plc.
Received on Dec 09 2003
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]