
Thread: ctrl+c vulnerability at startup

  1. #11
    Senior Member Raion's Avatar
    Join Date
    Dec 2003
    Location
    New York, New York
    Posts
    1,299
    This could be a better feature if the keys were editable by the Admin. For example, having the option to change Ctrl+C into, for example, Ctrl+Alt+D; this way it would be more difficult for anyone, even with physical access, to guess what the key combination is.
    WARNING: THIS SIGNATURE IS SHAREWARE PLEASE REGISTER THIS SIGNATURE BY SENDING ME MONEY TO SEE THE COMPLETE SIGNATURE!

  2. #12
    Junior Member
    Join Date
    Aug 2003
    Posts
    16
    I think the most recent 2600 had something on it; let me go dig it up.

  3. #13
    Junior Member
    Join Date
    Sep 2003
    Posts
    4

    OPFW

    The Control C has been around for quite a while and even works on OS X 10.2.8 also. It will even work on a laptop that has a USB keyboard plugged in to it. Control C will actually break in on the startup process and is not exactly the same as Single User mode (Control S).

    The only "real" protection against this is to enable an Open Firmware password on the affected Mac.

    Here's a nice article that will tell you how to do it: http://www.macdevcenter.com/pub/a/ma...re_tibook.html

    Updating to OS X 10.3.x is a way better solution and is not affected by this "bug".


    Oh, and one more note: Even the OPFW password is bypassable if you have physical access to the inside of the computer. Just pull or add a RAM chip, startup and zap PRAM 3 times and presto - Instant Bypass Access!!!
    ---------------------------------------------
    Hardening Your Mac
    http://hardmac.blog-city.com/

  4. #14
    I know this topic is a little old, but for those of you who want to know how to prevent this problem, edit /etc/ttys and change anything that says secure to insecure. Reboot and check it out. Even if you have the root password, you won't be able to login since the passwords are shadowed (which I found interesting, not the shadowing bit but the system not being able to access the shadowed passwords).
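
An added example, not part of the original thread: one way to audit and apply the /etc/ttys change described in post #14, assuming the BSD ttys(5) field layout (name, getty command, type, status flags). The sample file contents and the function names are constructed for illustration; unlike a plain substring replace, this leaves lines already marked insecure and commented-out entries untouched.

```python
import re
import shlex

# Constructed sample in the assumed ttys(5) layout: name, getty, type, flags.
SAMPLE_TTYS = '''\
# name  getty                           type    status
console "/usr/libexec/getty std.9600"   vt100   on secure
ttyp0   none                            network insecure
tty00   "/usr/libexec/getty std.9600"   unknown off secure   # serial
#ttyd1  "/usr/libexec/getty std.9600"   unknown off secure
'''

def split_comment(line):
    """Split a line into (entry, comment) at the first '#' outside quotes."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
        elif ch == '#' and not in_quote:
            return line[:i], line[i:]
    return line, ''

def secure_terminals(text):
    """Return names of active entries whose status flags include 'secure'."""
    names = []
    for line in text.splitlines():
        fields = shlex.split(split_comment(line)[0])
        # fields[0]=name, [1]=getty command, [2]=type, [3:]=status flags
        if len(fields) > 3 and 'secure' in fields[3:]:
            names.append(fields[0])
    return names

def mark_insecure(text):
    """Rewrite whole-word 'secure' flags to 'insecure' on active entries."""
    out = []
    for line in text.splitlines(keepends=True):
        entry, comment = split_comment(line)
        # Only touch text after the quoted getty command, never the command.
        head, quote, tail = entry.rpartition('"')
        # \b stops 'insecure' from becoming 'ininsecure'.
        tail = re.sub(r'\bsecure\b', 'insecure', tail)
        out.append(head + quote + tail + comment)
    return ''.join(out)

if __name__ == '__main__':
    print('secure before:', secure_terminals(SAMPLE_TTYS))
    print(mark_insecure(SAMPLE_TTYS), end='')
```

Run it against a copy of the file first and diff the result before replacing /etc/ttys.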
