[1788] in bugtraq
Re: password backdoors
daemon@ATHENA.MIT.EDU (Brian Harrington)
Thu May 11 16:31:09 1995
Date: Thu, 11 May 1995 14:59:03 -0400 (EDT)
From: Brian Harrington <brian@jhu.edu>
In-Reply-To: <9505111538.AA03241@admn0162>
To: Larry Kealey <kealeyl@phibro.com>
Cc: Nathan Lawson <nlawson@statler.csc.calpoly.edu>,
System Admin <root@sentinet.demon.co.uk>, bugtraq@fc.net
On Thu, 11 May 1995, Larry Kealey wrote:
> I have also heard that the hardware password (and all the other ROM
> settings) will get wiped if you remove the battery for a while, but I
> haven't tried it.(Haven't had the need... :>)
> Does anyone know?
This is definitely the case on a NeXT, and I would think that it holds
true for most machines (although I have only ever had to do it on my
NeXT). I think that we're getting pretty far from the scope of bugtraq,
though. Let's just say that if someone has the opportunity to turn a
machine off, open it up, pull the battery, and wait for some amount of
time greater than 15 minutes but less than 12 hours (my two data points,
I'm not sure what the minimum required time actually is) that machine
ain't secure. :-)
-- Brian
--
Brian Harrington
Library Network Guy
Johns Hopkins University
brian@musicbox.mse.jhu.edu
