[11990] in bugtraq
Re: ASUS mother board security question...
daemon@ATHENA.MIT.EDU (Nick FitzGerald)
Sun Sep 26 01:41:43 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Message-Id: <199909260509.BAA10258@spamraaa.compuserve.com>
Date: Sun, 26 Sep 1999 17:04:27 +1200
Reply-To: nick@virus-l.demon.co.uk
From: Nick FitzGerald <nick@VIRUS-L.DEMON.CO.UK>
X-To: BUGTRAQ@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <E11Rl4o-0003Ln-00@the-village.bc.nu>
> The one to watch are the machines that allow remote shutdown via lan messages.
> They have a password scheme, but its unencrypted
Nope -- the one to watch are those implementing the "reboot from LAN
image" option.
I think, today, that is none, but the PC98, etc specifications make
some hilarious reading -- hilarious, that is, if so many of the
things suggested as likely to be required in near-future updates of
the spec weren't so damn stupid/short-sighted.
The afterthought (expressed in a footnote to the "reboot from LAN
image" option) to the effect "it may be advisable to develop an
authentication mechanism for this feature" is a classic example of
the contempt in which security is held amongst designers at Richmond.
Regards,
Nick FitzGerald
