[ale] SSH attempts
Michael B. Trausch
mike at trausch.us
Mon Sep 19 13:00:26 EDT 2011
On Mon, 2011-09-19 at 12:56 -0400, Bob Toxen wrote:
> On Mon, Sep 19, 2011 at 12:30:45PM -0400, Michael B. Trausch wrote:
> > On Mon, 2011-09-19 at 12:10 -0400, Bob Toxen wrote:
> > > This is why it is critical to have both a bootloader (grub or
> lilo)
> > > password and also a BIOS password. They can be set so that the
> > > password is needed ONLY when booting other than the default device
> > > (BIOS) or default kernel environment (bootloader).
>
> > I have seen that functionality in a bootloader, but never before in
> a
> > BIOS. What systems come with a BIOS that has that feature, do you
> know?
> > That would be a nice feature to have. Then again, I'm not sure that
> it
> > would matter: physical access means that you can wipe the BIOS
> password,
> > and then we're back at square one, being able to pwn the box.
> EVERY i86 BIOS I have seen has this feature. Boot into the BIOS and
> go through the screens looking for an option to set the password,
> sometimes called the "supervisor password". Just don't forget it.
> (Yes, it can be erased by those who know how.)
On my systems, this simply prevents entering the BIOS.
It does not disable or password-protect the boot list feature, however.
So, I'd still be interested if you know a BIOS that does that.
(I'd also be interested if you know about a secure BIOS that doesn't
have the "feature" of being able to have its password wiped in 45
seconds...)
--- Mike
--
A man who reasons deliberately, manages it better after studying Logic
than he could before, if he is sincere about it and has common sense.
--- Carveth Read, “Logic”
More information about the Ale
mailing list