ANY box, whether it run windows, Linux, a flavor of UNIX, the mac OS or Amiga DOS is vunerable when someone has physical access to it. Period. Its already proven that given enough time and CPU cycles any encryption can be hacked, and if I can walk out the door with your sys drive I have all the time in the world.

The real question here is , did the media blow this issue out of proportion... my answer is yes. Why hasnt the media written about the horrible hole in the UNIX passwd file if you dont shadow your passwords? Or how about the hole in the sparc 20 firmware that allows you to gain root access to a solaris installation, or the fact that any SGI Indy can be booted into firmware without a password unless it is explicitly set by the admin? No matter what, if I am sitting at the servers console and have access to its hardware .. I OWN THE BOX ,, the OS is irrelivant

Eric

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/144/18448#18448