In our discussion on Tuesday I mentioned a potential risk related to ATA disk drive security passwords. I think some of you are familiar with this functionality, but maybe didn't understand what I was asking about. I've been concerned about whether it is possible for some exploit to abuse these security commands, resulting in loss of access to data on the drive.
The ATA spec allows a “user” password to be set to prevent unauthorized access to the disk. There is also a “master” password set by the vendor that can unlock the drive if the user password is lost. The security level can be set to “high” or “maximum” when the password is required. When set to maximum security mode, using the master password causes the disk to zero the drive before unlocking! A security “freeze” command can also be sent to disallow changes to the ATA security settings until after a power cycle.
When I first read about this a couple of years ago, the Linux hdparm program already supported these commands, and there was at least one Windows tool you could download that ran them. A quick search today finds tools that not only implement them but also attempt to crack the password. As far as I can tell, if they can't crack the user password and the security level was set to maximum you still lose the data. In any case, it would be preferable to prevent the problem rather than be taken down and have to fix it.
Obviously Linux users are much less vulnerable to malware. I haven't seen any mention of anything the system does to specifically prevent abuse of the ATA security commands. Is there a valid threat? Should we be changing default passwords on our disks, or sending a “--security-freeze” command during system initialization?
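
Added example, not part of the original message: shell functions that read the Security section of `hdparm -I` output and report whether a drive's ATA security settings are frozen, the state the `--security-freeze` question above is about. The sample texts are constructed, the function names and verdict labels are hypothetical, and the section layout is assumed to match the installed hdparm version.

```shell
#!/bin/sh
# Constructed samples modelled on the Security section of `hdparm -I`
# (assumption: flag lines read "not <flag>" when clear, "<flag>" when set).
sample_unfrozen() {
    printf 'Commands/features:\n\t   *\tSecurity Mode feature set\n'
    printf 'Security: \n\tMaster password revision code = 65534\n'
    printf '\t\tsupported\n\tnot\tenabled\n\tnot\tlocked\n\tnot\tfrozen\n'
    printf '\tnot\texpired: security count\n\t\tsupported: enhanced erase\n'
    printf 'Checksum: correct\n'
}
sample_frozen() {
    printf 'Security: \n\tMaster password revision code = 65534\n'
    printf '\t\tsupported\n\tnot\tenabled\n\tnot\tlocked\n\t\tfrozen\n'
    printf 'Checksum: correct\n'
}

# Read hdparm -I text on stdin; print the four security flags on one line.
ata_security_state() {
    awk '
        BEGIN { s["supported"] = s["enabled"] = s["locked"] = s["frozen"] = "no" }
        /^Security:/       { insec = 1; next }
        insec && /^[^ \t]/ { insec = 0 }   # next unindented header ends the section
        insec {
            neg  = ($1 == "not")
            flag = neg ? $2 : $1           # "supported:" and "expired:" never match
            if (flag in s) s[flag] = neg ? "no" : "yes"
        }
        END {
            printf "supported=%s enabled=%s locked=%s frozen=%s\n",
                   s["supported"], s["enabled"], s["locked"], s["frozen"]
        }'
}

# Map the flags to a verdict. EXPOSED means the feature set is present, no
# user password is set, and settings stay changeable until a freeze.
ata_security_verdict() {
    state=$(ata_security_state)
    case "$state" in
        "supported=no "*) echo "NO-ATA-SECURITY" ;;
        *"locked=yes"*)   echo "LOCKED" ;;
        *"frozen=yes"*)   echo "FROZEN" ;;
        *"enabled=yes"*)  echo "PASSWORD-SET-NOT-FROZEN" ;;
        *)                echo "EXPOSED" ;;
    esac
}

echo "unfrozen sample: $(sample_unfrozen | ata_security_verdict)"
echo "frozen sample:   $(sample_frozen | ata_security_verdict)"
```

On a real system the same functions take live output, for example `hdparm -I /dev/sdX | ata_security_verdict` run as root, where `/dev/sdX` is a placeholder for the drive being audited.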