>>Let's say the computer is off. You can turn it on, but that gets you to a login screen. What can the Firewire device do? OK, I guess I misunderstood the original paper (http://www.sec-consult.com/fileadmin/Whitepapers/Vista_Physical_Attacks .pdf). It now looks to me like they are claiming they can disable password authentication *even while the system is not logged on* - do I have that right? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine larry.seltzer@xxxxxxxxxxxxxxxxxxxxxxx
