So, I have been comparing my laptop's setup against the NSA security recommendations for OS X machines and ran across this little gem of a backdoor that I had never heard before:
Open Firmware protection can be violated if the user has physical access to the machine. Open Firmware password protection can be bypassed if the user changes the physical memory configuration of the machine and then resets the PRAM 3 times (holding down command-option-P-R during boot).
When is this ever going to be useful to me? Probably never. But it's interesting to note. I always figured that clearing out something like that required actually wiping the associated flash memory, either jumpering pins a la the PC BIOS or by clipping in with a flash programming harness — a bit of a pain with today's surface mount parts — and talking directly to the chip. It never occurred to me that there would be an “easter egg” style reset sequence of events.