Results 1 to 10 of 10

Thread: How the hell can you stop this from happening?

Hybrid View

  1. #1
    Junior Member
    Join Date
    Mar 2010
    Posts
    43

    Exclamation How the hell can you stop this from happening?

    i was just wondering, if anyone knows anyway to prevent this from happening? (other than don't use windows lol)
    http://download.airodump.net/data/video/vistahack.swf

    you could say lock bios, prevent booting from a cd/usb, but cracking the bios or simply resetting it is cake.
    Is there anything a someone could do at the user level to fix this or is this purely on MS to fix this flaw?
    would encrypting the drive do any good? if so how good is such encryption?

    this leaves a HUGE backdoor in the os after you've made this quick change.

    any thoughts?

    (i wasn't sure where to put this one, mods please move if incorrectly placed)

  2. #2
    Member imported_blackfoot's Avatar
    Join Date
    Jun 2007
    Posts
    386

    Default Why?

    Why are you writing this?

    What do you expect?

    Of course, it is quite normal for an operating system to be able to read the contents of the disks. When using backtrack as a LiveCD/DVD for example it is normal.

    You asked about strategies.

    I suggest that one does not allow physical access to the machine. Encryption is useful but all encrypted material needs to be decoded at some stage upon entering userland for normal processing.

    So, what did you expect?
    Lux sit

  3. #3
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by cynicalpsycho View Post
    i was just wondering, if anyone knows anyway to prevent this from happening? (other than don't use windows lol)
    http://download.airodump.net/data/video/vistahack.swf

    you could say lock bios, prevent booting from a cd/usb, but cracking the bios or simply resetting it is cake.
    Is there anything a someone could do at the user level to fix this or is this purely on MS to fix this flaw?
    would encrypting the drive do any good? if so how good is such encryption?

    this leaves a HUGE backdoor in the os after you've made this quick change.

    any thoughts?

    (i wasn't sure where to put this one, mods please move if incorrectly placed)
    A bios password will do no good since in order for the "hack" to work one would need physical access to the machine. As such removing the cmos battery is pretty trivial in such a case.
    Encryption would help prevent the contents of the drive from being easily accessed, however again if the someone has physical access and the owner of the laptop/pc kept a copy of the password somewhere on the drive then again it's game over.
    I think blackfoot summed it up pretty good, what did you expect to happen.
    This is just one of a myriad of ways of compromise.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  4. #4
    Member
    Join Date
    Dec 2007
    Location
    @InterN0T
    Posts
    315

    Default

    Just use a good encryption scheme for your harddisk and memorize the hardest password ever you made xD

    I'm sure that will do. Of course you can set BIOS passwords and also set up other things
    at the OS-level f.ex. if you run Linux, you use sudo and don't log in as root. That's just a
    lame example but it helps increase the security a tiny bit. xD
    [quote][I]I realized, that I had fallen down from the top of the mountain into a deep, terrifying and dark hole, just to find out that another mountain in front of me, much greater than the previous, was the next step in life. I began to wander uphill on the next mountain of life while I knew it would be much harder than the previous mountain. [/I]- MaXe[/quote]

  5. #5
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Most newer laptops have a hard drive password option. This password is part of the ata spec, so it's not tied to the laptop or bios. Nothing gets access to the drive without the password. Though you might be able to swap the controller card, I've not tried that for password bypass.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  6. #6
    Member imported_vvpalin's Avatar
    Join Date
    Apr 2009
    Posts
    442

    Default

    Use trucrypt if you think one of the people you let inside your house will try this.
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.

  7. #7
    Member kazalku's Avatar
    Join Date
    Feb 2009
    Posts
    416

    Default

    Keep the PC locked.....
    If you can't explain it simply, you don't understand it well enough -- Albert Einstein

  8. #8
    Just burned his ISO monovitae's Avatar
    Join Date
    Jul 2008
    Posts
    24

    Default

    Quote Originally Posted by Barry View Post
    Most newer laptops have a hard drive password option. This password is part of the ata spec, so it's not tied to the laptop or bios. Nothing gets access to the drive without the password. Though you might be able to swap the controller card, I've not tried that for password bypass.
    In regard to ATA security there was an article printed in 2600 Volume Twenty-six number one titled 'ATA Security Exposed' in which a number of vulnerabilities are discussed. I imagine this info can be found elsewhere as well. While a nice feature I insist on FDE for any laptops I manage if they have sensitive info on them, which incidentally is all laptops.
    ~Monovitae~

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •