Local Exploits

• Reboot: either set BIOS password, of if connected to Domain require domain login, to avoid the “escape” login.

• Screen-saver password, good but limited (CD-ROM autorun.inf is executed even when screen saver is running). How about BO in a CD-ROM? Disable autorun.

• Revealing passwords: more for recovery that hack (you need to be logged in the machine).

• PWL cracking: copy password files to diskette (copy c:\windows\*.pwl a:) and crack them later. Also more recovery than hack -- you need to be logged in.

• countermeasures: secure physical access to computer (lock key), in addition to above.

Previous slide

Back to first slide

View graphic version