Sorry, I shouldn't have implied that was only true of Windows. However, you CAN'T access encrypted data with physical drive access.
Matt Flaschen >> Windows offers no security against local users. It is trivial to boot to >> a program like ERD Commander and replace admin passwords. On the other >> hand, PuTTy is meant to protect against everyone; that's why it doesn't >> allow saved passwords. Thus, this seems like a vulnerability to me. >> > Unix offers no security against local users either. If I can sit at the > console, I can login in single user mode, mount the drives rw and edit > /etc/passwd all day. > > Furthermore, I can take any hard drive, with any file system on it, and > with the right tools I can read everything on the drive, even deleted > stuff. > > So what's your point? That when you own the box you own the box? > > If you first have to own the box to get to the information, then it's > not a vulnerability. It's not best practice, but it's not a vulnerability. > > Paul Schmehl ([EMAIL PROTECTED]) > Senior Information Security Analyst > The University of Texas at Dallas > http://www.utdallas.edu/ir/security/ > > > ------------------------------------------------------------------------ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
