Password Changer

[davd_bob]

I click on the adds on BP6.com. This one was there today and got my intrest. Kinda makes ya wonder if ANY network security has any security.
What do ya'all think of this product?

http://www.password-changer.com/ad-google.htm

[Atropos]

hi there,

it's well known that NT (2000/XP) passwords can be reset
if one has "hardware" access to your box.
All one needs is a boot floppy (or CD) from
[link]http://home.eunet.no/~pnordahl/ntpasswd/[/link]
and a bios allowing to boot from either one.

So if you want to set up a box that is "secure" disable boot from anything
but HDD. Protect bios settings with password and make sure no one can
access the box to remove bios battery.

I had the problem in office when one of our employees hacked the
Admin account to install JRE just to use LimeWire in office. (Well, fast
internet commections make people think about bad things )
Now he's an ex-employee.

Bye,
Atropos

[phaedrus]

hi there,

it's well known that NT (2000/XP) passwords can be reset
if one has "hardware" access to your box.
All one needs is a boot floppy (or CD) from
[link]http://home.eunet.no/~pnordahl/ntpasswd/[/link]
and a bios allowing to boot from either one.

It is possible to do this to a Linux box too. A bootable CD or floppy is the easiest way. Just make sure you have a text editor on there, and you can delete any password in /etc/shadow at will. You can even create a dummy root account called something like r00t with an empty password if you want (you'd do this in /etc/passwd).

You can also do it without the boot disk, but you have to be a little more 1337. From LILO, add "init=/bin/bash" as an option after the image name. Instead of running /sbin/init the kernel will run /bin/bash. Absolutely nothing will be running, so you'll need to mount drives manually (and umount them manually before you reboot). It's more than a little dangerous (and I've left out a couple important details here ).

The solution is to lock your case, password protect your BIOS as well as LILO. I would assume grub has a similar gotcha.

So if you want to set up a box that is "secure" disable boot from anything
but HDD. Protect bios settings with password and make sure no one can
access the box to remove bios battery.

The other question to ask is, "who am I trying to defend against?" If you're worried about errant employees who have private access to the hardware and console, well, this may be necessary. I've just got my girlfriend to worry about and the h4x0rz on the net. I run with the side of my case off and nothing passworded until the login prompt. I figure it's handy to leave that hole wide open for the cold day in hell when I forget my root password (it hasn't happened in the last 6 years...).

A home computer probably shouldn't need to be secured like an NSA server (I'm just worried about my kids someday... I've sworn off technological solutions to parenting problems to avoid an arms race, hopefully it works).

Jeff

[Atropos]

the boxes at home usually need no bios password and locked cases.

A home computer probably shouldn't need to be secured like an NSA server (I'm just worried about my kids someday... I've sworn off technological solutions to parenting problems to avoid an arms race, hopefully it works).

I guess you're right at this point. Technical solutions cannot be a substitute
for talking to the kids about "go" and "no-go" while "playing" with the box
and the net. (Guess it's the same for television.... )

Atropos

[phaedrus]

the boxes at home usually need no bios password and locked cases.

I guess you're right at this point. Technical solutions cannot be a substitute
for talking to the kids about "go" and "no-go" while "playing" with the box
and the net. (Guess it's the same for television.... )

I don't have kids yet, but both my girlfriend and I are computer saavy and as such, we know what trouble they could get into. I also know that if my (future) kids are anything like me, they'll find a way to break through any security shield I put in place. I was following bugtrack and figuring out how to write buffer overflow exploits when I was in high school. I'd rather have a diplomatic solution than a long term war on my hands.

As best as I can tell, technology won't ever match good parenting. We'll see what happens in 10 years when I've got kids old enough to cause trouble on the computer[s].

Jeff