this post was submitted on 16 Jun 2023
13 points (100.0% liked)

netsec - Network Security

379 readers
1 users here now

This is the netsec Community, a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise - to provide value to security practitioners, students, researchers, and hackers everywhere.

Content Guidelines:

Discussion Guidelines:

Prohibited Content:

founded 1 year ago
MODERATORS
 

Well as always... physical access to a device is a security nightmare.

top 1 comments
sorted by: hot top controversial new old
[–] [email protected] 1 points 6 months ago

I can barely see the point to BIOS passwords. They are slightly useful if you don’t want guests using a machine for some reason. If you don’t have a bios pw, the OS login is good enough unless you need to stop them booting their own media. All desktops are rightfully easy to clear the bios. There are jumpers specifically for this purpose, apart from also just popping out the cr3202 battery or unseating the bios chip (old models). The bios pw does not (and should not) protect from data access at the hands of someone who can open box.

The only failure I see here is the fact that Lenovo tried to make the bios unclearable in the first place, thus increasing e-waste. That’s the real story. The security fail is nothing interesting.. it’s the attempt of ecocide that should have the focus.