On Thu, 1 Jun 2000, Curt Sampson wrote:

> On Thu, 1 Jun 2000, Jon Lindgren wrote:
> 
> > To have a
> > keystroke essentially disable the NVRAM security seems a bit contradictory
> > to me... but I can't argue with the facts.
> 
> No, it's reasonable. You can't do this on a serial console, so if you're
> making these keystrokes, you've got physical access to the machine. At
> that point, it's compromised no matter what you do. You can always just
> open it up and pop in a new NVRAM chip, or steal or replace the drive,
> or whatever.

True.  I was thinking of my college experience, where the lab had a bunch
of IPCs with Sun monitors and keyboards right there.  Easily hackable from
a keyboard.  The backs were locked with the Sun
square-bolt-put-a-MasterLock-through-me type of mechanism.  So you
couldn't steal the box or open it, but you had free access to the Sun
style console.

But then again, this same college provided unswitched ethernet to each
dorm room, didn't run any kind of kerberos or such, which lead to many
attacks using simple 'snoop' and 'tcpdump' wrappers.  No wonder I left
there so quickly...

Thanks for the thoughts,

-Jon
 --------------------------------------------------------------------
 "There is no fourth tower of Inverness!!!" -Meatball Fulton