Date: Fri, 24 Nov 2006 16:37:54 +1100 From: Norberto Meijome <freebsd@meijome.net> To: Bill Moran <wmoran@collaborativefusion.com> Cc: freebsd-questions@freebsd.org, VeeJay <maanjee@gmail.com> Subject: Re: Password Security Message-ID: <20061124163754.5a11ddef@localhost> In-Reply-To: <20061123082520.af5d4265.wmoran@collaborativefusion.com> References: <2cd0a0da0611211941iae07787q3f433fb2c8ab1f22@mail.gmail.com> <20061122163317.GC50939@gizmo.acns.msu.edu> <2cd0a0da0611230056l15bfccaamb3ed3d439e2786b8@mail.gmail.com> <20061123082520.af5d4265.wmoran@collaborativefusion.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 23 Nov 2006 08:25:20 -0500 Bill Moran <wmoran@collaborativefusion.com> wrote: > > So, does it mean that Windows 2003 Server provides more Password Level > > Security with Unauthorized Access? > > Where is this presumption coming from? Windows OS suffer from the same > difficulty protecting from physical intrusion that any other OS does. Precisely - MS makes a very strong (and valid) point of saying that once 'the bad guys' have physical access to your box, the machine is owned. The was a (very cool) presentation in Ruxcon (ruxcon.org) this year about hacking into someone's machine via Firewire. And even if it was an exploit, neither the researcher/hacker nor MS would consider it "security issue", because to use this FW attack you need physical access... ie, you've lost the battle already, it's just a matter of picking your method of breaking in. In short, secure the box both physically and network / services-wise as much as possible. Best, _________________________ {Beto|Norberto|Numard} Meijome UFOs are for real: the Air Force doesn't exist. I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061124163754.5a11ddef>