[OPLINTECH] Potential Computer Vandalism

Nick Kelley nkelley at avonlake.lib.oh.us
Wed Nov 20 10:47:00 EST 2013


After reading a bit. It looks like you will have to contact Dell to get the
password reset.


On Wed, Nov 20, 2013 at 10:41 AM, Chad Neeper <cneeper at level9networks.com>wrote:

> If the BIOS wasn't locked down, there is also the possibility that someone
>> actually flashed the BIOS with a different version.
>
> A comment on the above:  You don't need access to the BIOS to be able to
> flash a new one. You can flash even a password protected BIOS. You simply
> boot to a media that contains the BIOS you intend to flash and the
> OS/program used to perform the actual flash.
>
> On patron computer, it's always important to do the following in your BIOS
> before the first patron ever touches it:
> * Set your BIOS administrative password.
> * Set the boot order to boot from the hard drive first or to boot ONLY
> from the hard drive.
> * Disable the ability to boot from removable media.
>
> Those basic steps help to protect your patron computers at the "hardware"
> level.
>
>
> ______________________________
> *Chad Neeper*
> Senior Systems Engineer
>
> *Level 9 Networks*
> 740-548-8070 (voice)
> 866-214-6607 (fax)
>
> *Full LAN/WAN consulting services -- Specialized in libraries and schools*
>
>
> On Wed, Nov 20, 2013 at 10:29 AM, Ken Butler <hcotech at holmeslib.org>wrote:
>
>> If the settings that password protect the hard drive are in the BIOS, I
>> would try removing the CMOS battery for a period of time - say half an hour
>> or more, and also pressing the power button while it is unplugged to clear
>> out any residual power in the system. Once it has been drained and the
>> battery removed for half an hour or more, try putting the battery back in
>> and see what you get. Removing power from the BIOS for a decent period of
>> time SHOULD revert all settings to default.
>>
>> If the BIOS wasn't locked down, there is also the possibility that
>> someone actually flashed the BIOS with a different version. If what I
>> mentioned above doesn't work, I'm not sure what you could do other than
>> talking to your computer manufacturer to see if there are any back doors in
>> the BIOS that you can use, or if there is a way to flash the BIOS with the
>> standard version for that computer.
>>
>>
>> On Wed, Nov 20, 2013 at 10:16 AM, Mike Hensel <henselmi at oplin.org> wrote:
>>
>>> Ron:
>>>
>>>
>>>
>>> I cleared the CMOS jumpers on the motherboard which allows me to at
>>> least get to the Bios but once I’m there I cannot change or turnoff the HD
>>> password because I don’t know it – it has been set by the individuals that
>>> locked up the machines – at least that’s my guess.  I tried my admin
>>> passwords but they don’t seem to work.
>>>
>>>
>>>
>>> I read online that Dell may have a backdoor password so I may give them
>>> a call.
>>>
>>>
>>>
>>> Mike Hensel
>>>
>>> Director, MLIS
>>>
>>> London Public Library
>>>
>>> 20 E. First Street
>>>
>>> London, OH 43140
>>>
>>> www.mylondonlibrary.org
>>>
>>> 740-852-9543
>>>
>>> Mobile 614-325-1429
>>>
>>>
>>>
>>> *From:* Ron Woods [mailto:woodsro at oplin.org]
>>> *Sent:* Wednesday, November 20, 2013 10:09 AM
>>> *To:* 'Mike Hensel'; oplintech at oplin.org
>>> *Subject:* RE: [OPLINTECH] Potential Computer Vandalism
>>>
>>>
>>>
>>> Hi,
>>>
>>>
>>>
>>> is this a boot password that’s stored in the BIOS? Or some kind of
>>> encryption on the hard drive?
>>>
>>>
>>>
>>> Does clearing the CMOS jumper on the motherboard remove the password? I
>>> wouldn’t think you have to replace the hard drive to clear a BIOS boot
>>> password, all that should be required is clearing the CMOS jumper pins on
>>> the motherboard…unless were talking about some kind of hard drive boot
>>> encryption set with a password?
>>>
>>>
>>>
>>>
>>>
>>> Ron Woods
>>>
>>> Computer Services Manager
>>>
>>> St. Clairsville Public Library
>>>
>>> (740)-695-2062
>>>
>>> http://www.stclibrary.org
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> *From:* oplintech-bounces at lists.oplin.org [
>>> mailto:oplintech-bounces at lists.oplin.org<oplintech-bounces at lists.oplin.org>]
>>> *On Behalf Of *Mike Hensel
>>> *Sent:* Wednesday, November 20, 2013 9:21 AM
>>> *To:* oplintech at lists.oplin.org
>>> *Subject:* [OPLINTECH] Potential Computer Vandalism
>>>
>>>
>>>
>>> OPLINTech Libraries:
>>>
>>>
>>>
>>> I’ve got a situation where one of my patron computers last week booted
>>> up with a Security Manager Screen that basically needed a password to boot
>>> from the hard drive.  We run DeepFreeze on all of the computers.  I
>>> eventually had to get another hard drive sent from Dell.  Last night 5 more
>>> computers displayed the same message.  We lock the computers down with
>>> policies as well.  I have not seen any virus alerts pop up in Symantec.  We
>>> run Symantec Endpoint.  I don’t believe we had the bios locked down so the
>>> only thing I can think of is someone logged into the bios and setup an
>>> password on access to the HD which is leaving our machines dead.
>>>
>>>
>>>
>>> Has anyone run across this scenario and is there any easy fixes besides
>>> getting a new hard drive and rebuilding the machine.   I’m trying to
>>> determine if it was a local hack (patron at each machine) or virus.
>>>
>>>
>>>
>>> Any help would be appreciated.
>>>
>>>
>>>
>>> Mike Hensel
>>>
>>> Director, MLIS
>>>
>>> London Public Library
>>>
>>> 20 E. First Street
>>>
>>> London, OH 43140
>>>
>>> www.mylondonlibrary.org
>>>
>>> 740-852-9543
>>>
>>> Mobile 614-325-1429
>>>
>>>
>>>
>>> _______________________________________________
>>> OPLINTECH mailing list
>>> OPLINTECH at lists.oplin.org
>>> http://lists.oplin.org/mailman/listinfo/oplintech
>>> Search: http://oplin.org/techsearch
>>>
>>>
>>
>>
>> --
>> Ken Butler
>> hcotech at holmeslib.org
>> Head of Information Technology
>> Holmes County District Public Library
>> 3102 Glen Drive
>> Millersburg, OH 44654
>> PH: 330-674-5972 ext 224
>>
>> _______________________________________________
>> OPLINTECH mailing list
>> OPLINTECH at lists.oplin.org
>> http://lists.oplin.org/mailman/listinfo/oplintech
>> Search: http://oplin.org/techsearch
>>
>>
>
> _______________________________________________
> OPLINTECH mailing list
> OPLINTECH at lists.oplin.org
> http://lists.oplin.org/mailman/listinfo/oplintech
> Search: http://oplin.org/techsearch
>
>


-- 
Nick W. Kelley
Technology Manager
Avon Lake Public Library
440-933-6418
nkelley at avonlake.lib.oh.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20131120/0824a509/attachment-0001.html>


More information about the OPLINTECH mailing list