[mythtv-users] Forgot password; Choose door A, B or C?

[Stephen P. Villano]

On 4/25/14, 9:12 AM, Greg Woods wrote:
> On Thu, 2014-04-24 at 12:30 -0500, Leif Pihl wrote:
>
>> For now, it's enough to know that it CAN be secured.
> As always, this depends on what you are wanting to secure it against. If
> you just want to keep the teenage kid from rooting the box, then
> securing the BIOS and boot loader might be enough. On the other hand, if
> the kid is savvy enough to replace the BIOS chip on the motherboard, and
> sometimes is left alone long enough, they could still get in. 
>
> For machines in public places, do you have to worry about someone who is
> willing to physically destroy the lock box holding the machine, or are
> there other security measures (cameras, guards, etc.) already in place
> that would prevent that?
>
> Can you be sufficiently certain that the software you are running on the
> box doesn't have any security holes that could be exploited to gain
> privileged access?
>
> Etc.
>
> Point being, security is never black and white, it's secure or it isn't.
> It always depends on what your threats are. Big difference between the
> neighbor's kid and the NSA.
>
> --Greg
>
>
> _______________________________________________
>
Quite true. When I was working with the DoD, we'd be audited annually,
complete with pen testing.
The rule of thumb was, not *if* they'd get in, but when and how
difficult it was. Of course, they had our documentation, which made the
job a bit easier for them, but it still was a mutually educational
exercise. We'd have additional new measures in place to protect assets,
they had new techniques.
I always enjoyed those audits. It was a good evaluation of my
documentation and our protective measures, as well as a good exercise of
brain cells.