James Evans wrote:
> This is not an incredibly serious problem as such, since a user can go
> back into the BIOS setup and change the password there, provided the
> BIOS Setup is not protected with an unknown password. Or, as a last
> resort, Dell can be phoned to provide a master backdoor password, as
> long as the user can prove herself the legal owner of the computer. Of
> course, the prerequisite of physical access to the machine highly
> mitigates this vulnerability.
...and once upon a time the default backdoor dell password was "dell".
seriously, bios passwords are worthless. there are numerous ways to get
around them. most motherboards have a jumper that you can set to reset
your cmos / bios (probably misusing one of those terms) to the factory
defaults. or you can just yank the cmos battery out. for your laptop, it
might be a bit trickier, but you can usually get to the jumpers
underneath the keyboard (at least on my old sager you could).
hth.
-jon
--
jon (at) divisionbyzero (dot) com [email concealed] || www.divisionbyzero.com
gpg key: www.divisionbyzero.com/pubkey.asc
think i have a virus? www.divisionbyzero.com/pgp.html
"You are in a twisty little maze of Sendmail rules, all confusing."
> This is not an incredibly serious problem as such, since a user can go
> back into the BIOS setup and change the password there, provided the
> BIOS Setup is not protected with an unknown password. Or, as a last
> resort, Dell can be phoned to provide a master backdoor password, as
> long as the user can prove herself the legal owner of the computer. Of
> course, the prerequisite of physical access to the machine highly
> mitigates this vulnerability.
...and once upon a time the default backdoor dell password was "dell".
seriously, bios passwords are worthless. there are numerous ways to get
around them. most motherboards have a jumper that you can set to reset
your cmos / bios (probably misusing one of those terms) to the factory
defaults. or you can just yank the cmos battery out. for your laptop, it
might be a bit trickier, but you can usually get to the jumpers
underneath the keyboard (at least on my old sager you could).
hth.
-jon
--
jon (at) divisionbyzero (dot) com [email concealed] || www.divisionbyzero.com
gpg key: www.divisionbyzero.com/pubkey.asc
think i have a virus? www.divisionbyzero.com/pgp.html
"You are in a twisty little maze of Sendmail rules, all confusing."
[ reply ]