Roy Schestowitz wrote:
> Unruh wrote:
>> cujo <email@example.com> writes:
>>>Roy Schestowitz wrote:
>>>> They must have made it a possibility
>>>Having phisical access to a machine *A L W A Y S* gives you this
>>>You can *ALWAYS* boot from a Live CD (doesn't HAVE to be Suse's cd at
>>>all), mount the hd's root partition and edit /etc/shadow.
>> No, on some machines you can put in a bios password which prevents
>> booting from anything but the hard drive without a password. Now, you can
>> probably cancel that bios password by opening the case, but that is more
>> difficult ( and can be prevented with suitable security cableing-- if
>> nothing else put in a thermite bomb which fries everything in the insides
>> if the case is opened without a suitable security entry.)
>> Ie, even physical access can be made more or less secure with work.
>>>Security is BASED on this, physical access = total control, no matter
> A secure case is probably one thing I had in mind. It requires expertise,
> time and cannot be done remotely. What's more, if you lock it properly,
> you can probably prevent access to the hardware.
> If you happened to saw through the case, you would probably be capable of
> exhuming the hard-drive and fetching the information that it contained.
> This, however, requires equipment, expertise or a lot of money -- often a
> recovery that is useful in juridical scenarios.
Oops, I meant BIOS in the subject line... and I also neglected to mention
file system encryption, which should definitely do the trick at some level.
Roy S. Schestowitz