"The weakest computer security link is in between the chair and the keyboard and, unfortunately, cannot easily be upgraded or patched."
-- Peter Peter M. Brigham pmb...@gmail.com http://home.comcast.net/~pmbrig On Nov 26, 2012, at 3:37 PM, Robert Sneidar wrote: > Having a lot of experience in this arena, I should point out that network > level security is only one layer of the "onion" so to speak. There is also > physical access, which is a big way that bootloaders get installed. For > instance, if someone has a custom USB drive, they can obtain all the password > hashes for the accounts in a Windows machine (something that Microsoft said > was impossible at one time) and then run it through some hash tables to get a > list of the associated passwords. Admittedly, this was with Windows XP and > Server 2000/2003. Supposedly, Vista and Win 7 forsook the MD5 encryption they > were using, and now use AES, so whether or not it can be done with a modern > Windows OS I am skeptical about. > > But my main point is, if you give someone physical access to your computer, > or you tell your kids the Administrator password, NOTHING can save you from > compromise at that point. Oh sure, you can have your AV software forbid USB > drives, but if someone has administrator access, they can override your AV. > > Security must be a multi-tiered approach to be successful. It is EXTREMELY > rare for someone who has taken all reasonable precautions to become > "infected" with malware. > > Bob > > > On Nov 26, 2012, at 9:59 AM, Richmond wrote: > >> On 11/26/2012 09:16 PM, Mike Kerner wrote: >>> Rootkits and bootloaders are a threat that cannot be addressed reasonably >>> any other way. If you want to talk about lousy security on the inside, >>> Windows cannot even hold a candle to the laughably-bad ICS's. Back in The >>> Day I felt like I was the one who was wrong because I kept pointing out out >>> horribly bad the security on PLC's and their related controllers are. >>> >>> >>> >> >> Is it just me, or . . . ? >> >> I would have thought one of the EASIEST ways to avoid one's machine from >> getting >> mucked up by a rootkit or a bootloader was to make sure one's computer was >> NOT >> connected to some sort of internet connexion prior and during OS install. >> >> I must say one of the things I dislike is how OS installs give the >> impression that they >> won't work without an internet connexion - which is, of course, a load of >> old tosh. >> >> Richmond. >> >> _______________________________________________ >> use-livecode mailing list >> use-livecode@lists.runrev.com >> Please visit this url to subscribe, unsubscribe and manage your subscription >> preferences: >> http://lists.runrev.com/mailman/listinfo/use-livecode > > > _______________________________________________ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your subscription > preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
