How to break into a computer that is right at your fingertips

The Little Black Book of Computer Security By Joel Dubin 150 pages; $19.95 29th Street Press

In this excerpt from Chapter 5 of The Little Black Book of Computer Security, author Joel Dubin illustrates the ease with which a hacker can bypass a BIOS password and break into a computer.

The essential tools for the physical hacker are the following:

• Phillips screwdriver
• KNOPPIX CD
• KNOPPIX boot floppy disk
• USB key (at least 256 MB)

To bypass a BIOS password, an attacker can use any of the following methods (screwdriver required):

• Removing the hard drive from the computer and placing it in another computer that has an accessible BIOS

• Moving the appropriate jumper on the motherboard to reset the BIOS settings to the factory defaults (if the jumper exists on that particular motherboard)

• Removing the CMOS battery from the motherboard and then putting it back in, which resets the BIOS settings to the factory defaults

More information Download Chapter 5, Taking care of physical security, to learn how to protect your desktops Learn more about hacking tools and techniques in our resource center Peruse our tips and expert advice on testing passwords

If the BIOS is not password protected, the attacker doesn't even need a screwdriver. He or she can hack into a Windows- or Linux-based computer by using only two items: a KNOPPIX CD and a USB key. KNOPPIX is a Linux distribution that is available for free at knoppix.com and that can be burned onto a single CD. The attacker can boot KNOPPIX from the CD and then copy everything from the hard drive to the USB key. (If the BIOS has been set to disallow booting from the CD drive, the attacker needs only one additional item: a KNOPPIX boot floppy disk, which is available from the same site as the KNOPPIX CD.)

When finished, all the attacker needs to do is remove the KNOPPIX CD, the USB key, and the KNOPPIX boot floppy disk (if used) and then restart the computer. Windows or Linux will start, and no evidence that anyone ever tampered with the system will exist.

Read Chapter 5, Take care of physical security, to learn how to protect your desktops.

Sound Off! -   Post your comments |  See others' comments (1)

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Password Cracking Security360: Identity management market How to prevent hackers from accessing your router security password Complex password compliance requirements made simple Firefox, IE flaw could expose passwords Adding 'fudge' to your passwords Creating secure passwords you don't have to remember Scientists band together for TRUST-worthy research Yahoo fixes SSL flaw in Business E-mail RSA Conference 2006 Review: With ID-Synch v4.0, you can easily manage many users Linux Security and Unix Security RE:trace framework aids in OS X, Unix flaw discovery Researcher behind Linux Kernel flaw explains motives Linux Kernel attack code worries security experts Mac hack puts Apple faithful on the defense Will having two different operating systems cause administrative problems? Linux patch problems: Your distro may vary What is the best antivirus software to use when running Linux? Security Bytes: Crossover platform virus on the loose Security Wire Weekly: New Linux worm, J-Lo's high risk CDs and how an adware firm atones RSA Conference 2006 Windows XP and Server Security Microsoft to issue critical fixes for Windows XP, Windows Server 2003 Microsoft releases Windows XP SP3 with NAP, security updates Microsoft investigates new Windows zero-day flaw Researchers warily watch for Microsoft GDI exploits Inside MSRC: Microsoft gives guidance on security updates Microsoft releases April trove of patches Microsoft plans security fixes for Windows, IE, Office Windows Server 2008 security not as advertised, says researcher Microsoft warns of actively exploited Word flaw Microsoft patches 12 Office flaws with critical updates

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary cracker  (SearchSecurity.com) masquerade  (SearchSecurity.com) salt  (SearchSecurity.com) session replay  (SearchSecurity.com) shadow password file  (SearchSecurity.com) war dialer  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary