Full Disclosure mailing list archives
Re: RE: NetWare Screensaver Authentication Bypass From The Local Console
From: Steve Wray <steve () myself gen nz>
Date: Wed, 22 Dec 2004 16:47:28 +1300
James Tucker wrote:
> Frankly the ability to bypass any authentication procedure by a series of button presses is plain bad software design, period. If you don't believe me, go watch any "hacker film" and see how Hollywood shows most hackers gaining entry to systems. Sure, sounds stupid if it's not a reality, and just plain scary if it is. Well this is exactly that, walk up to the console, tappedy tap and you're in. Anyone for tea and biscuits? I hope some Novell executives felt sick when they heard about this one, because they really should; I know I wouldn't have maintained my breakfast after such an announcement.
I know a few people who are *deeply* committed to Novell and love to boast about its uptime and security so I brought this to their attention.
The response? "Yeah I've used that a few times to save my ass." It's well known in the Netware community and has been for some time. The perception is, that once someone has physical access it's all over anyway; my response to that is "just cos they have an opportunity to tap away on a keyboard doesn't mean they have an opportunity to mess with the hardware."