Guardian Digital Inc. > InfoCenter > Mailing List Archives > Full Disclosure

Full Disclosure Mailing List Archive

From: Steve Wray (steve@myself.gen.nz)
Date: Tue Dec 21 2004 - 22:47:28 EST

James Tucker wrote:
> Frankly the ability to bypass any authentication procedure by a series
> of button presses is plain bad software design, period.
> If you don't believe me, go watch any "hacker film" and see how
> Hollywood shows most hackers gaining entry to systems. Sure, sounds
> stupid if its not a reality, and just plain scary if it is. Well this
> is exactly that, walk up to the console, tappedy tap and your in.
> Anyone for tea and biscuits?
> I hope some Novell executives felt sick when they heard about this
> one, because they really should; I know I wouldn't have maintained my
> breakfast after such an announcement.

I know a few people who are *deeply* committed to Novell and love to
boast about its uptime and security so I brought this to their attention.

The response?

"Yeah I've used that a few times to save my ass"

Its well known in the Netware community and has been for some time.

The perception is, that once someone has physical access its all over
anyway; my response to that is "just cos they have an opportunity to tap
away on a keyboard doesn't mean they have an opportunity to mess with
the hardware."

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

[ About Guardian Digital ] - [ Press Center ] - [ Contact Us ] - [ System Activation ] - [ Reseller Info ] - [ Online Store ] - [ Site Map ]
Copyright (c) 2000 - 2004 Guardian Digital, Inc. Linux Lockbox and EnGarde are Trademarks of Guardian Digital, Inc.