Date: Fri, 24 Nov 2006 16:37:54 +1100 From: Norberto Meijome <freebsd@meijome.net> To: Bill Moran <wmoran@collaborativefusion.com> Cc: freebsd-questions@freebsd.org, VeeJay <maanjee@gmail.com> Subject: Re: Password Security Message-ID: <20061124163754.5a11ddef@localhost> In-Reply-To: <20061123082520.af5d4265.wmoran@collaborativefusion.com> References: <2cd0a0da0611211941iae07787q3f433fb2c8ab1f22@mail.gmail.com> <20061122163317.GC50939@gizmo.acns.msu.edu> <2cd0a0da0611230056l15bfccaamb3ed3d439e2786b8@mail.gmail.com> <20061123082520.af5d4265.wmoran@collaborativefusion.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 23 Nov 2006 08:25:20 -0500
Bill Moran <wmoran@collaborativefusion.com> wrote:
> > So, does it mean that Windows 2003 Server provides more Password Level
> > Security with Unauthorized Access?
>
> Where is this presumption coming from? Windows OS suffer from the same
> difficulty protecting from physical intrusion that any other OS does.
Precisely - MS makes a very strong (and valid) point of saying that once 'the
bad guys' have physical access to your box, the machine is owned.
The was a (very cool) presentation in Ruxcon (ruxcon.org) this year about
hacking into someone's machine via Firewire. And even if it was an exploit,
neither the researcher/hacker nor MS would consider it "security issue", because
to use this FW attack you need physical access... ie, you've lost the battle
already, it's just a matter of picking your method of breaking in.
In short, secure the box both physically and network / services-wise as much as
possible.
Best,
_________________________
{Beto|Norberto|Numard} Meijome
UFOs are for real: the Air Force doesn't exist.
I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061124163754.5a11ddef>