OT: security

Ken Cole ken.m.cole at gmail.com
Tue Mar 1 18:41:01 PST 2011 

Richard,

I think you could be way off the mark.

If the Bank of America is anything like GE, and I am sure it would be,
if your friend took the re-installed machine with extra applications
back into BoA and attempted to connect it to the network I think he
would find he could do very little to nothing with the reconfigured
machine.

The internal security systems will most likely see it as a
non-authorised device, not give it an IP address via DHCP so it would
in effect be a stand alone device on the network.

Even if you tried to manually give it an address normally only
authorised devices, devices listed as having a static IP or those
recognised as been given an IP via DHCP and verifiable via reverse DNS
and other techniques can actually work on the internal network.

We randomly have given or sold to users their old devices but in our
case we first run a military grade hard drive "cleansing" application
over the device first and trust me after that app has run 7 times on
one hard drive there is nothing that can be recovered!

Cheers

Ken

On Wed, Mar 2, 2011 at 12:28 PM, Richard Kreiss <rkreiss at verizon.net> wrote:
>
>
>> -----Original Message-----
>> From: filepro-list-bounces+rkreiss=verizon.net at lists.celestial.com
>> [mailto:filepro-list-bounces+rkreiss=verizon.net at lists.celestial.com] On
>> Behalf Of Brian K. White
>> Sent: Tuesday, March 01, 2011 2:14 PM
>> To: Filepro List
>> Subject: Re: OT: security
>>
>> On 3/1/2011 1:53 PM, Rkreiss at verizon.net] wrote:
>> > One of my friends is a VP with Bank of America.  They just gave him a
> new
>> laptop and let him keep the one being replaced.  This is a Dell downgarded
>> from Vista to Win XP pro.
>> >
>> > He dropped off the computer with me to reinstall an OS as this machine
>> > has been "clamped down" so he can't install any software without admin
>> > password
>>
>> Is there some question you meant to ask here?
>
> No question.  Just pointing out that it would be relatively easy to bypass
> the banks security and install any software without the admin password.
>
> This is a hole in their security.
>
> Just thought some of you who are very security minded would find this
> interesting.
>
> Richard
>
>
> _______________________________________________
> Filepro-list mailing list
> Filepro-list at lists.celestial.com
> Subscribe/Unsubscribe/Subscription Changes
> http://mailman.celestial.com/mailman/listinfo/filepro-list
>

More information about the Filepro-list mailing list