Date: Fri, 24 Nov 2006 12:11:29 +0000 From: RW <list-freebsd-2004@morbius.sent.com> To: freebsd-questions@freebsd.org Subject: Re: Password Security Message-ID: <200611241211.31476.list-freebsd-2004@morbius.sent.com> In-Reply-To: <20061124163754.5a11ddef@localhost> References: <2cd0a0da0611211941iae07787q3f433fb2c8ab1f22@mail.gmail.com> <20061123082520.af5d4265.wmoran@collaborativefusion.com> <20061124163754.5a11ddef@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Friday 24 November 2006 05:37, Norberto Meijome wrote: > Precisely - MS makes a very strong (and valid) point of saying that once > 'the bad guys' have physical access to your box, the machine is owned. > > The was a (very cool) presentation in Ruxcon (ruxcon.org) this year about > hacking into someone's machine via Firewire. And even if it was an exploit, > neither the researcher/hacker nor MS would consider it "security issue", > because to use this FW attack you need physical access... ie, you've lost > the battle already, it's just a matter of picking your method of breaking > in. I think that's a bit complacent of MS, given that most instances of their OS don't run on servers. If a desktop machine has encrypted partitions, it is protected against someone stealing it and breaking in at their convenience. Reading data from a running machine, shouldn't be as convenient and inconspicuous as plugging-in a cable.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200611241211.31476.list-freebsd-2004>