How to break into a computer that is right at your fingertips

How to break into a computer that is right at your fingertips

The Little Black Book of Computer Security

By Joel Dubin
150 pages; $19.95
29th Street Press

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

In this excerpt from Chapter 5 of The Little Black Book of Computer Security, author Joel Dubin illustrates the ease with which a hacker can bypass a BIOS password and break into a computer.


The essential tools for the physical hacker are the following:

  • Phillips screwdriver
  • KNOPPIX CD
  • KNOPPIX boot floppy disk
  • USB key (at least 256 MB)

To bypass a BIOS password, an attacker can use any of the following methods (screwdriver required):

  • Removing the hard drive from the computer and placing it in another computer that has an accessible BIOS

  • Moving the appropriate jumper on the motherboard to reset the BIOS settings to the factory defaults (if the jumper exists on that particular motherboard)

  • Removing the CMOS battery from the motherboard and then putting it back in, which resets the BIOS settings to the factory defaults

More information

Download Chapter 5, Taking care of physical security, to learn how to protect your desktops

Learn more about hacking tools and techniques in our resource center

Peruse our tips and expert advice on testing passwords

If the BIOS is not password protected, the attacker doesn't even need a screwdriver. He or she can hack into a Windows- or Linux-based computer by using only two items: a KNOPPIX CD and a USB key. KNOPPIX is a Linux distribution that is available for free at knoppix.com and that can be burned onto a single CD. The attacker can boot KNOPPIX from the CD and then copy everything from the hard drive to the USB key. (If the BIOS has been set to disallow booting from the CD drive, the attacker needs only one additional item: a KNOPPIX boot floppy disk, which is available from the same site as the KNOPPIX CD.)

When finished, all the attacker needs to do is remove the KNOPPIX CD, the USB key, and the KNOPPIX boot floppy disk (if used) and then restart the computer. Windows or Linux will start, and no evidence that anyone ever tampered with the system will exist.

Read Chapter 5, Take care of physical security, to learn how to protect your desktops.

This was first published in October 2005