Re: Insufficient Authentication vulnerability in Asus notebook
Verified OSX 10.5 is not vulnerable to this attack.
Justin
--
Apple Advocate -- Macbook Pro 17 inch, Airport Express, Xsan, OSX Server, i=
Pod Video, iPhone
... in internet it is everytime!
----- Original Message -----
From: "Susan Bradley"=20
To: "Bob Fiero"=20
Cc: bugtraq@securityfocus.com
Subject: Re: Insufficient Authentication vulnerability in Asus notebook
Date: Thu, 14 May 2009 12:35:33 -0700
Oh please. Corporations build images of machines that don't have this.
If you have this issue in your corporation, go talk to your IT guys=20
and tell them to build better deployment images.
If you have this problem, your IT guys are not doing their job.
Bob Fiero wrote:
>> You get the idea. This is non issue.
>>
>
> I disagree. You are involved in intense business negotiations.=20
> During lunch you leave your notebook unattended assuming it is=20
> safe with a password protected
> userID. Your competitor goes in to the conference room and logs in with
> Administrator and installs something like eBlaster to log everything
> you do and email it to him.
>
> Far fetched, but not a non-issue.
>
> _____ From: Mike Vasquez [mailto:mike.vasquez@gmail.com]
> To: Jeremy Brown [mailto:0xjbrown41@gmail.com]
> Cc: MustLive [mailto:mustlive@websecurity.com.ua],=20
> bugtraq@securityfocus.com [mailto:bugtraq@securityfocus.com]
> Sent: Thu, 14 May 2009 11:02:38 -0400
> Subject: Re: Insufficient Authentication vulnerability in Asus notebook
>
> Once someone has physical access all bets are off, there's a lot the can =
do.
>
> 1) steal it
> 2) boot off cd and reset/enable admin acct
> 3) boot off cd and grab all hashes
> 4) pour a perfectly good frappucino on the keyboard
> 5) cover it with smiley face stickers
>
>
> You get the idea. This is non issue.
>
>
--=20
_______________________________________________
Get a free @hellokitty.com, @mymelody.com, or @kuririnmail.com email account
today at www.sanriotown.com, and enjoy 500MB of storage!
Check out our official blog @ http://blog.hellokitty.com
討論串 (同標題文章)
完整討論串 (本文為第 12 之 12 篇):