MAJOR SECURITY FLAW!!

[T41mbi]

I can't believe this.. after all this hype about IBM Client Security and how its so good ... blah blah blah, its all easily circumvented.

I have the IBM security chip w/ client security software. I use the ibm "secure UVM login replacement" for windows XP... though all you have to do to avoid the "IBM SECURE WINDOWS LOGIN" thingy, is boot in safe mode! Unbelievable what a waste of time & money!

[Leon]

can anyone verify??? is this true?

[T41mbi]

Im tellin you its true I've just done it!

What a joke!

[darrenf]

T41mbi, I have not tried to use CSS yet (because honestly I don't understand all of it) but I would assume that a login replacement is meant to provide a single point of passcode entry for access and authentication to Windows at the same time you are authenticating yourself to CSS and releasing keys needed for file and folder encryption/decryption.

I would expect it outside the capability of the CSS system to implement a full replacement for Windows authentication and security, especially since login credentials must in some cases be autheticated off-machine by the Active Directory or an older domain login and security extends into every nook and crany of Windows.

Given those presumptions, I would think that the test for failure of the replacement login system would be whether, in safe mode, you have access to all the resources secured by CSS keys (the most obvious being file and folder encryption). Can you confirm if this is the case?

On a tangential thought -- I've asked before if anyone here could explain how to use CSS in plain-speak and I haven't had any takers so far. If you are using the system, can you tell us how you have it set up. As I recal there are a great many users waiting to use CSS but for want of a concise explanation of how it can be set up and the benefits to be realized.

Thanks!

-darren

[ryan]

On a tangential thought -- I've asked before if anyone here could explain how to use CSS in plain-speak and I haven't had any takers so far. If you are using the system, can you tell us how you have it set up. As I recal there are a great many users waiting to use CSS but for want of a concise explanation of how it can be set up and the benefits to be realized.

Thanks!

-darren

give me the $600 and i'll go to the course in kc http://www.pc.ibm.com/training/txi20.html#classschedule

[T41mbi]

Well IBM CSS is very simple to install & setup. Of course read the instructions, although its not the best instruction set in the world its not the worst, its slightly confusing at times, but well worth settings aside 20 min to breeze through it.

Its really really simple, the manual makes it sound more difficult that it really is. Go to the IBM CSS Software download page, download the two drivers first (it specifies on the page) then download the CSS... its relatively simple... The wizard asks you to set an administration password, then save a location where to put the keys & the "emergency" backup keys, set the security level, then buda bing buda boom its done, it will ask you to resart. Once you restarted it will ask you a few options, i.e. would you like to use the IBM CSS UVE replacement for windows login (it says its more secure..pff) in which to tick the box and then thats it. Configuration controls are a little spread out, some configuration can be made through the control pannel, the other through the start menu. If you want to download and install the password manager/encryption utility you can do that but its optional, i use PGP Disk for disk encryption so i have not.

[TREX]

Another way it to boot to the BIOS and disable the chip before you log on. Make sure you have strong windows password on every enabled account.