Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1996_4

Bugtraq archives for 4th quarter (Oct-Dec) 1996: BoS: Magic password of some linux-box(Hardware..) (fwd)

BoS: Magic password of some linux-box(Hardware..) (fwd)

sameer (sameerc2.net)
Thu, 21 Nov 1996 12:48:45 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: sameer: "L0pht Kerberos Advisory"
Previous message: CERT Advisory: "CERT Advisory CA-96.24 - Sendmail Daemon Mode Vulnerability"

----- Forwarded message from Eugene Bradley -----
[. . .] Complex plan elided
----- End of forwarded message from Eugene Bradley -----

        That's not nearly necessary. All they need to do is embed a
secret key. The same secret key would work fine, I think, it isn't all
that high security. Then if someone wants to break the bios pw they
enter something like 'BreakPW' - then the BIOS spits out a random
string. User calls the 800 number, tells the 800 number the challenge
string. the 800 number then encrypts the challenge string with the
secret key and then theuser enters it.

        simple and effective. Not exportable though. =)

--
Sameer Parekh                                   Voice:   510-986-8770
President                                       FAX:     510-986-8777
C2Net
http://www.c2.net/                              sameerc2.net

Next message: sameer: "L0pht Kerberos Advisory"
Previous message: CERT Advisory: "CERT Advisory CA-96.24 - Sendmail Daemon Mode Vulnerability"