If your taking this that way then this is a new threat, I find it funny how everyone refer to the boot floppy thing because booting from floppy is very easy to block... I assume that every security professional, and most home user(especially Mac user) know that you can remove the floppy drive...
The best way to prevent booting into a unauthorised os is to remove the floppy drive, the cdrom drive, protect booting with a bios password and use a secure fortified box to host the computer this way the user at the keyboard have no way to install the floppy drive or remove the hard disk... This would be the way to do Physical Security on a box need to have it's console available to user...

So this is not the same thing as removing the HD or booting from a floppy, but it's not a big deal... and if do some physical security of the box itself by using the way i just said, i really don't understand what CMD.EXE(probably needed by the recovery console) still do on the system...

I don't think it's a vulnerability, well if it's a Vulnerability PLEASE DON'T PATCH IT!!!
So I agree partially with Tim and Completly disagree with the Media ;)


[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/144/18369#18369