this post was submitted on 16 Jun 2023
5 points (100.0% liked)


Well as always... physical access to a device is a security nightmare.

[–] [email protected] 1 points 5 months ago

I can barely see the point to BIOS passwords. They are slightly useful if you don’t want guests using a machine for some reason. If you don’t have a BIOS pw, the OS login is good enough unless you need to stop them booting their own media. All desktops are rightfully easy to clear the BIOS on. There are jumpers specifically for this purpose, apart from also just popping out the cr3202 battery or unseating the BIOS chip (old models). The BIOS pw does not (and should not) protect from data access at the hands of someone who can open the box.

The only failure I see here is the fact that Lenovo tried to make the BIOS unclearable in the first place, thus increasing e-waste. That’s the real story. The security fail is nothing interesting... it’s the attempt at ecocide that should have the focus.