Bugtraq mailing list archives
Re: Dell BIOS DoS
From: jon schatz <jon () divisionbyzero com>
Date: Mon, 08 Dec 2003 23:37:58 -0800
James Evans wrote:
This is not an incredibly serious problem as such, since a user can go back into the BIOS setup and change the password there, provided the BIOS Setup is not protected with an unknown password. Or, as a last resort, Dell can be phoned to provide a master backdoor password, as long as the user can prove herself the legal owner of the computer. Of course, the prerequisite of physical access to the machine highly mitigates this vulnerability.
...and once upon a time the default backdoor dell password was "dell".seriously, bios passwords are worthless. there are numerous ways to get around them. most motherboards have a jumper that you can set to reset your cmos / bios (probably misusing one of those terms) to the factory defaults. or you can just yank the cmos battery out. for your laptop, it might be a bit trickier, but you can usually get to the jumpers underneath the keyboard (at least on my old sager you could).
hth. -jon -- jon () divisionbyzero com || www.divisionbyzero.com gpg key: www.divisionbyzero.com/pubkey.asc think i have a virus? www.divisionbyzero.com/pgp.html "You are in a twisty little maze of Sendmail rules, all confusing."
Current thread:
- Dell BIOS DoS James Evans (Dec 08)
- Re: Dell BIOS DoS jon schatz (Dec 09)
- Re: Dell BIOS DoS Steve Shockley (Dec 09)
- Re: Dell BIOS DoS der Mouse (Dec 10)
- <Possible follow-ups>
- RE: Dell BIOS DoS David Brodbeck (Dec 09)
- Re: Dell BIOS DoS Craig Paterson (Dec 09)
- RE: Dell BIOS DoS Lyal Collins (Dec 10)
- Re: Dell BIOS DoS Eric Anderson (Dec 10)
- Re: Dell BIOS DoS Alexandros Papadopoulos (Dec 09)
- Re: Dell BIOS DoS Jim Paris (Dec 10)
- Re: Dell BIOS DoS Craig Paterson (Dec 09)
- Dell BIOS DoS Ross Draper (Dec 09)
- Mobile Device Security, Was: Re: Dell BIOS DoS Karsten W. Rohrbach (Dec 10)
(Thread continues...)
- Re: Dell BIOS DoS jon schatz (Dec 09)