My state-wide teaching tour continues next Monday, March 12, 2012, 6:30 p.m. at the Edmond Library in Edmond, OK.
My class, “Fight the Internet Bad Guys and Win!” will teach you how to defeat the Internet bad guys who want to mess with your life. The class is free, one night only, and will last about 90 minutes. If you use a computer, you should attend. Visit my website for more details.
One section of the class is devoted to passcode-protecting your computer. Passcode-protecting your computer is done in layers; layers that the bad guys have to deal with, one layer at a time, like peeling layers off an onion. The idea is that the bad guys will decide you and your security layers are too much of a hassle, and will move on to mess with easier targets.
Last week, I discussed in this column how to passcode-protect your computer, locking out anyone who does not know your login passcode. Passcode-protecting the screensaver is Layer Two of this security onion; passcode-protecting the default Administrator account in Windows XP is Layer Three.
There remains, however, a way that crafty bad guys can hack around these layers of passcode protection, using a tool known as a “bootdisk.” Read on, and I will explain how to plug the bootdisk security hole and add Layers Four and Five to your passcode security onion.
When you first turn on your computer, it starts looking for a disk drive to “boot” to. The computer term “boot” is short for “bootstrap,” from the phrase, “to pull oneself up by one’s bootstraps;” strange, but true. During the boot process, the computer looks for a disk drive that contains operating system software, so it can “pull itself up” into a usable state. Once the computer has “booted up,” you have a machine that can perform normal, useful tasks.
Most folks don’t know it, but you can choose which disks and operating systems your computer will boot to; it doesn’t have to be your usual hard drive/Windows combination. You can tell your computer to boot to other disk devices, as well, such as a CD, DVD, flash drive or external hard drive. As long as the device contains a compatible operating system, your computer can boot to it.
The ability to boot a computer to different devices is what makes the login passcode hack possible. You simply turn the computer on and tell it to boot to a specially-crafted CD or flash drive that you have made, rather than the usual internal hard drive. Once the computer has booted to your special passcode-hacking disk, you have complete control of the computer, including control of its internal hard drive.
After gaining control of the computer, you locate and edit the passcode file on the computer’s regular hard drive, and, bam, you have just hacked around Layers One, Two and Three of the computer’s passcode-protection system. I’ve done this many times for customers who’ve forgotten their login passcode. Sneaky, huh?
To prevent this type of passcode hacking, you need to do two things: (1) change the settings in the system BIOS, disabling the computer’s ability to boot to anything except your normal hard drive, and (2) passcode-protect the system BIOS, so your changes can’t be undone.
First, you need to access the system BIOS (Basic Input-Output System). This is done by pressing a certain key while the computer is first turning on; with many computers, it’s the Delete key, while on Dell machines, it’s F2. You may need to find out which key relates to your specific computer. If the computer loads Windows, you have waited too long to press the BIOS key, or you are pressing the wrong key. Shut down your computer and try again.
Once you are in the BIOS (sometimes called “System Setup”), you will need to use the keyboard’s arrow keys to move around. Locate your computer’s boot sequence and set the computer not to boot to anything but the primary hard drive. Next, find the Security function that lets you set a BIOS passcode. You may have to do a little Google research to learn more about your system’s BIOS settings, as they can vary from machine to machine. The BIOS passcode setting is there, though, so keep looking until you find it.
This passcode does not need to be long and complex; eight characters or less, simple letters and numbers will do. You do not, however, want to forget this passcode, so write it down and store it in a secure location. Exit the system BIOS, saving your changes, and you’re done.
You have now added Layers Four and Five to your passcode security onion. Hacking around these layers is difficult, and all but the most determined bad guys will give up at this point, moving on to easier targets. Computer passcode protections beyond this point are best moved into the realm of hard drive encryption, a subject beyond the scope of this single column.