[GRLUG] does anyone see this as a worrisome security issue?
Jeff DeFouw
jeffd at i2k.com
Sat Mar 22 15:09:06 EDT 2008
On Sat, Mar 22, 2008 at 02:06:04PM -0400, Steve Romanow wrote:
> But does it mean that any kiosk or secured environment with an optical
> drive or exposed usb port (assuming boot from usb is available) can be
> compromised in just minutes? Does this make the login prompt worthless?
The tool resets passwords on the local disk (assuming there is one).
Remote authentication servers wouldn't be affected, but with that access
you could install key loggers on the local machine. You really don't
want your kiosk to boot from USB/CD.
--
Jeff DeFouw <jeffd at i2k.com>
More information about the grlug
mailing list