Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi all! We have been experiencing an issue on site where threads have been missing the latest postings. The platform host Vanilla are working on this issue. A workaround that has been used by some is to navigate back from 1 to 10+ pages to re-sync the thread and this will then show the latest posts. Thanks, Mike.
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Security Bypass, 1 Key-Press Away?

  • 10-04-2002 12:30am
    #1
    Alias Bob
    Closed Accounts Posts: 65 ✭✭


    Quote:
    From SMH.com.au News - Technology

    Statement as follows.

    I have just discovered that the windows logon password is useless. Anyone pressing Esc can have full access. What do you recommend?

    Full Story at SMH.co.au

    Click on link below:


    [URL=http://]http://www.smh.com.au/technology/index.html - Windows Login Security Flaw[/URL]

    ___________________________________________________
    Check it out lads, and see if this alleged flaw is as stated or not.

    Yours
    Alias Bob
    Don't forget my Guinness lads.
    :cool:


Comments

  • #2
    MiCr0
    Registered Users, Registered Users 2 Posts: 6,265 ✭✭✭MiCr0


    are you serious?
    did you actually read the article?
    Q I have just discovered that the windows logon password is useless. Anyone pressing Esc can have full access. I am going away for a little while and have a relative in the house and I need to protect the computer from busy eyes. Have you any advice that I might use? -- K. Dobson

    A The best way is to use a BIOS password. This will prevent anyone from starting your computer and they will not be able to boot even from a floppy as the BIOS (Basic Input Output System) is checked before the operating system is loaded.

    The BIOS can be entered by pressing a specific key when booting. This is shown on the opening screen often as Press DEL to enter Setup. If you are not sure then consult the motherboard manual but be aware that there are also some computers that have this set by a software utility that comes with the computer.

    If you have never gone into the BIOS setup then be careful not to alter anything that you do not understand. When the BIOS screen comes up, select the Password or Security section.

    Carefully enter the user password (it is almost always case-sensitive). Generally, you do not need to enter the Supervisor password. This just prevents a user from accessing the BIOS.

    If you forget this password there is a jumper that needs to be shorted out on the motherboard to restore all settings to the default values and hence clear the password.

    Many users alter the BIOS without understanding what the BIOS does. The BIOS tells the CPU about the makeup of your computer. This includes what disk drives there are, which one to boot from, where the keyboard is, where the video is (the memory locations) and other such mundane things as where the clock is and how to read it.

    All this is done before the operating system is loaded, regardless of whether you are running DOS, NT, Unix or Windows. The CPU is very fast but very dumb on its own. The BIOS makes it aware of the hardware and operating system and tells it how to deal with the application software.

    the only systems that i think it applies to are very old windows systems - like 95.98(maybe ME) that have no user system builtin


  • #3
    Alias Bob
    Closed Accounts Posts: 65 ✭✭Alias Bob


    are you serious?

    A The best way is to use a BIOS password. This will prevent anyone from starting your computer and they will not be able to boot even from a floppy as the BIOS (Basic Input Output System) is checked before the operating system is loaded.
    The BIOS can be entered by pressing a specific key when booting. This is shown on the opening screen often as Press DEL to enter Setup. If you are not sure then consult the motherboard manual but be aware that there are also some computers that have this set by a software utility that comes with the computer.


    Are you seriously saying that we should encourage," Computer Operators," to use this system as described, to safeguard a password?

    Just think for one moment, how much damage a disgruntled company employee could do, just by reprogramming the BIOS.

    Yours
    Alias Bob
    Don't forget my Guinness lads.
    :cool:


  • #4
    Meh
    Closed Accounts Posts: 1,295 ✭✭✭Meh


    Originally posted by Alias Bob
    Just think for one moment, how much damage a disgruntled company employee could do, just by reprogramming the BIOS.
    If an attacker has physical access to the machine, then there's no security whatsoever -- they can do whatever they want, and there's no way software or passwords can stop them. First rule of computer security is "Lock the server room door"


  • #5
    Static M.e.
    Registered Users, Registered Users 2 Posts: 3,091 ✭✭✭Static M.e.


    Lads
    link is down but isnt this chap just protecting his comp. from a
    relative, big deal ,bios password perfect solution for short term
    newbie protection.

    for an office situ.
    Any proper admin can crack a bios password without breaking a sweat, and a disgruntled employee could can do very little with the bios on a 98 box that he couldnt do in the system anyway.
    ( as meh pointed out )

    You can actually change that "esc" to enter anyway if you do want to protect your 98box from kids.


  • #6
    Snaga
    Registered Users, Registered Users 2 Posts: 1,562 ✭✭✭Snaga


    or you could pop the case open, remove the bios password jumper, reboot and live happy.

    The bios password is a great way to stop other people using your machine. In an office situ the worst case scenario is you get your consultant/support person to do the above.


  • Advertisement
  • #7
    seamus
    Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    Originally posted by Alias Bob

    Just think for one moment, how much damage a disgruntled company employee could do, just by reprogramming the BIOS.

    As Snaga said, it's just a case of pulling a jumper and rebooting. Most motherboards have this jumper marked 'PASS' or 'PWD' or something just as obvious. Bios passwords are useless on unattended machines, ie servers, because anyone who wants your info knows how to do this. (as Meh said)

    The Esc button is a Win 95/98/ME thing. Pressing the 'Cancel' Button when asked to log in does the same thing........ :rolleyes:

    As for the article, the advice is sound. Chances are his relatives either won't know how to reset the BIOS password or couldn't be bothered. I do it too, when I go away. My bro knows how to do it, but my comp is sitting under a monitor, beside another comp, and precariously balanced on a dresser, with 20 odd cables in/out of it, thus making case removal a pain in the arse and not worth it.

    :)


  • #8
    The_Bullman
    Registered Users, Registered Users 2 Posts: 1,997 ✭✭✭The_Bullman


    was that a log in button or just a microsoft netmeeting thing. as far as i know you can press cancel for netmeeting and it will let you log on anyway


  • #9
    SantaHoe
    Closed Accounts Posts: 7,488 ✭✭✭SantaHoe


    BIOS password + padlock the case shut (yes some machines already have the proper fittings) ... still I guess it won't stop someone with a hacksaw and a few spare minutes :)


Advertisement