Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!uunet!seismo!rutgers!ames!ptsfa!ihnp4!laidbak!mdb From: mdb@laidbak.UUCP (Mark Brukhartz) Newsgroups: comp.sys.att Subject: Re: undocumented option in AT&T System V, Version 2.0 Message-ID: <1098@laidbak.UUCP> Date: Tue, 28-Jul-87 02:21:12 EDT Article-I.D.: laidbak.1098 Posted: Tue Jul 28 02:21:12 1987 Date-Received: Wed, 29-Jul-87 06:37:05 EDT References: <476@musky2.UUCP> <13050011@acf4.UUCP> Organization: Lachman Associates, Inc., Naperville, IL Lines: 23 Summary: Protection from attackers with physical access to the machine is difficult. In article <13050011@acf4.UUCP>, leonard@acf4.UUCP (shanna leonard) writes: > Yep! works with version 3.0 too. Looks like we should all make sure > to change that firmware password from the default! The 3B2 firmware password may be reset by unplugging the "non-volatile RAM" battery for a moment while the primary power is off. The bootable floppy does not itself cause a computer security problem any more than the #1 Phillips screwdriver which removes the 3B2 cover. They are both tools of knowledgeable attackers. Protection from an attacker with physical access to the machine is a non-trivial problem. The solutions with which I am familiar involve removable media and encryption. Even they often lack protection against Trojan horses in the fixed-media-based software. The 3B2 firmware password is analogous to a lock on a door. They both hinder entry, and both fail against knowledgeable attacks. Mark Brukhartz Lachman Associates, Inc. ..!{ihnp4, sun}!laidbak!mdb