Re: CRIME OCIPEP AV03-008 - Microsoft Windows XP Password Vulnerability

From: Seth Arnold (sarnold@private)
Date: Mon Feb 17 2003 - 16:13:40 PST

Next message: Michael Smith: "Re: CRIME OCIPEP AV03-008 - Microsoft Windows XP Password Vulnerability"

Previous message: Jacob Redding: "Re: CRIME OCIPEP AV03-008 - Microsoft Windows XP Password Vulnerability"
In reply to: Wanja Eric Naef [IWS]: "CRIME OCIPEP AV03-008 - Microsoft Windows XP Password Vulnerability"
Next in thread: Michael Smith: "Re: CRIME OCIPEP AV03-008 - Microsoft Windows XP Password Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Feb 17, 2003 at 11:47:43PM -0000, Wanja Eric Naef [IWS] wrote:
> BTW question: they recommend to have a strong BIOS password as
> countermeasure, but is not just possible to put a new BIOS in or reset
> it to bypass this feature???

Sure. But it is intended to raise the bar a little, and properly locked
cabininets go a long way towards further mitigating the risk. This list
has hashed over this question ad nauseum several times that I can recall;
mail majordomo@private with a body of "help" .. maybe list archives
are available.

-- 
"Security for who?" -- Crispin Cowan

application/pgp-signature attachment: stored

Next message: Michael Smith: "Re: CRIME OCIPEP AV03-008 - Microsoft Windows XP Password Vulnerability"
Previous message: Jacob Redding: "Re: CRIME OCIPEP AV03-008 - Microsoft Windows XP Password Vulnerability"
In reply to: Wanja Eric Naef [IWS]: "CRIME OCIPEP AV03-008 - Microsoft Windows XP Password Vulnerability"
Next in thread: Michael Smith: "Re: CRIME OCIPEP AV03-008 - Microsoft Windows XP Password Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Feb 17 2003 - 16:52:11 PST