I’ve long kind of had an idea that makers would put backdoor passwords into BIOS implementations, but never really looked into it. Then I happened upon this posting one day which lists a lot of backdoor passwords for various BIOS platforms and versions. Pay particular attention to the mention that some BIOS lock themselves after a few incorrect attempts, so be cautious. I’ve not tested any of these, but it would be very fun to play with.
Month: June 2006
hacking iis and iis security
A paper on IIS 6.0 security. IIS 6.0 is much more secure out-of-the-box than II5, which means the challenge comes in opening 6.0 up enough to make it work (whereas 5.0 needs closed down enough to be secure). This is easier said than done when unfamiliar with what is actually needing to be opened up…
Want to know how to Hack IIS? Then read the Hacking IIS Tutorial. I have not read this yet, but it looks pretty useful and thorough.
wsus links
Been working on WSUS as a work project (second job in a row for it), and I just wanted to spill out a bunch of links about WSUS.
MS WSUS Blog
WSUS Forum
WSUSWiki
WSUS Beginner’s FAQ
Microsoft WSUS newgroup
related scripting site
And if you want to use WSUS but do not have Active Directory (Group Policy) in use, you can still use WSUS with some manual scripting of registry settings.
myths about security and passwords
This post is an interesting viewpoint on myths about security and passwords. Must “out-there” is the opinion that changing passwords regularly is now dead and does not enhance security at all.
hacknotes: web security e-book
This is the online book copy of HackNotes: Web Security, which really looks like a good read. I really like this entire series of books as they are packed with good information.
netsh
Netsh is an oft-overlooked tool to configure tcp/ip settings in Windows from the command-line. This small post illustrates how to effectively use the app.
wireless probe detection and mac spoofing detection
PolarCove has a number of nice papers on their site, but of particular interest is a paper on wireless LAN discovery tools and wireless MAC spoofing detection. Both papers include exact Ethereal/Wireshark filters to use.