Exploit Logs You Into Linux Systems After Hitting Backspace 28 Times

On 12/21/15 17:03, Gary Heston so wittily quipped:
Given physical access to a system, an attacker of even modest skills can
get any and everything off a system. If the sole objective is denial of
service, I don't know of any hard drve that can survive a hammer or
drill (particularly both) attack.

or thermite

On 12/21/15 10:01, Peter Köhlmann so wittily quipped:
edevils wrote:

On 21/12/2015 18:06, Big Bad Bob wrote:
On 12/20/15 16:38, Chris Ahlstrom so wittily quipped:
Anonymous wrote this copyrighted missive and expects royalties:

Though most of you likely don't run Linux—specifically, one
using the Grub2 bootloader—you'll surely appreciate the
unintended humor of a brand-new exploit that was recently found
for said bootloader.

http://www.pcmag.com/article2/0,2817,2496870,00.asp

What took you so long to post this? It's been bandied about
for many days now.

Already fixed, by the way.

Pretty stupid bug, though. Should never have happened.


with physical access to the machine, there's nothing stopping anyone
from removing the hard drive, plugging in a USB hard drive adaptor
thingy, and then reading it directly with another computer.

so the bug is funnier than it is dangerous.

Unless data is encrypted. If you remove the hard drive and plug it
somewhere, you are still left with ciphered data.

On the contrary, if you read Hector Marco and Ismael Ripoll's original
article, you'll find out how they used the GRUB2 vulnerability to access
the GRUB rescue shell and deploy a malware from there.

"Since the data is ciphered, the strategy we will use is to infect the
system and wait until the user decrypts the data (by login into the
system) and then access to the information in plain."

http://hmarco.org/bugs/CVE-2015-8370...on-bypass.html

With physical access to the machine they could just as well install the
logging software the standard way. No need for a Grub exploit

Physical access means all bounds are off. You can not secure such a system
in any meaningful way, encrypted or not


right, that's kinda where I was going, too. thanks for stating it THAT way.

so yeah, 'physical access required' takes a LOT of the 'threat' out of
it. still needs patching. devs need to self-slap for letting it happen.

On 12/21/15 10:21, edevils so wittily quipped:
On 21/12/2015 19:01, Peter Köhlmann wrote:
edevils wrote:

On 21/12/2015 18:06, Big Bad Bob wrote:
On 12/20/15 16:38, Chris Ahlstrom so wittily quipped:
Anonymous wrote this copyrighted missive and expects royalties:

Though most of you likely don't run Linux—specifically, one
using the Grub2 bootloader—you'll surely appreciate the
unintended humor of a brand-new exploit that was recently found
for said bootloader.

http://www.pcmag.com/article2/0,2817,2496870,00.asp

What took you so long to post this? It's been bandied about
for many days now.

Already fixed, by the way.

Pretty stupid bug, though. Should never have happened.


with physical access to the machine, there's nothing stopping anyone
from removing the hard drive, plugging in a USB hard drive adaptor
thingy, and then reading it directly with another computer.

so the bug is funnier than it is dangerous.

Unless data is encrypted. If you remove the hard drive and plug it
somewhere, you are still left with ciphered data.

On the contrary, if you read Hector Marco and Ismael Ripoll's original
article, you'll find out how they used the GRUB2 vulnerability to access
the GRUB rescue shell and deploy a malware from there.

"Since the data is ciphered, the strategy we will use is to infect the
system and wait until the user decrypts the data (by login into the
system) and then access to the information in plain."

http://hmarco.org/bugs/CVE-2015-8370...on-bypass.html

With physical access to the machine they could just as well install the
logging software the standard way.

Could they, if GRUB is password protected?

yes. just install "no password" grub onto a different hard drive, and
set it up (cloned without password) to boot that image from a separate
HD [USB plug in for example], then put the "new" HD into the hard drive
slot, and voila! boot whatever you want, whenever you want, no password
required.

On 12/21/15 14:05, Shadow so wittily quipped:
On Mon, 21 Dec 2015 09:06:22 -0800, Big Bad Bob
wrote:

On 12/20/15 16:38, Chris Ahlstrom so wittily quipped:
Anonymous wrote this copyrighted missive and expects royalties:

Though most of you likely don't run Linux?specifically, one
using the Grub2 bootloader?you'll surely appreciate the
unintended humor of a brand-new exploit that was recently found
for said bootloader.

http://www.pcmag.com/article2/0,2817,2496870,00.asp

What took you so long to post this? It's been bandied about
for many days now.

Already fixed, by the way.

Pretty stupid bug, though. Should never have happened.


with physical access to the machine, there's nothing stopping anyone
from removing the hard drive, plugging in a USB hard drive adaptor
thingy, and then reading it directly with another computer.

And you remove the hard drive because .... ?
[]'s


it's easier to read it with a different machine, possibly. or you could
boot your OWN image with a different hard drive if passwords lock out
USB bootup. etc.

it's back to "if you have physical access you can ultimately bypass ANY
security"

if a crook wanted your data he'd just steal the device and work on it
elsewhere.

In article
Big Bad Bob wrote:

On 12/21/15 14:05, Shadow so wittily quipped:
On Mon, 21 Dec 2015 09:06:22 -0800, Big Bad Bob
wrote:

On 12/20/15 16:38, Chris Ahlstrom so wittily quipped:
Anonymous wrote this copyrighted missive and expects royalties:

Though most of you likely don't run Linux?specifically, one
using the Grub2 bootloader?you'll surely appreciate the
unintended humor of a brand-new exploit that was recently found
for said bootloader.

http://www.pcmag.com/article2/0,2817,2496870,00.asp

What took you so long to post this? It's been bandied about
for many days now.

Already fixed, by the way.

Pretty stupid bug, though. Should never have happened.


with physical access to the machine, there's nothing stopping anyone
from removing the hard drive, plugging in a USB hard drive adaptor
thingy, and then reading it directly with another computer.

And you remove the hard drive because .... ?
[]'s


it's easier to read it with a different machine, possibly. or you could
boot your OWN image with a different hard drive if passwords lock out
USB bootup. etc.

it's back to "if you have physical access you can ultimately bypass ANY
security"

if a crook wanted your data he'd just steal the device and work on it
elsewhere.

Like to see them do that with fibre channel or NAS.

In article
edevils wrote:

On 12/21/2015 10:28 PM, ray carter wrote:

With physical access to the machine they could just as well install the
logging software the standard way.

Could they, if GRUB is password protected?


No need for a Grub exploit

Physical access means all bounds are off. You can not secure such a
system in any meaningful way, encrypted or not

However, removing a hard drive is not as easy as using a keyboard. If
you remove a hard drive in an office, you might be be noticed.
Some hard drives are even stored in a secure vault, while you can still
access the keyboard.

physical access == total access

If a bad guy has UNRESTRICTED physical access, then he will be able to
do anything.
But another scenario is "restricted" physical access, meaning: KEYBOARD
access only!

Lmao. Like to see you stop me from doing anything if I have
"KEYBOARD" access.

In article
Big Bad Bob wrote:

On 12/21/15 17:03, Gary Heston so wittily quipped:
Given physical access to a system, an attacker of even modest skills can
get any and everything off a system. If the sole objective is denial of
service, I don't know of any hard drve that can survive a hammer or
drill (particularly both) attack.

or thermite

Why must one poor little hard drive be the single point of
failure?

In article .at,
Anonymous Remailer (austria) wrote:

In article
Big Bad Bob wrote:

On 12/21/15 17:03, Gary Heston so wittily quipped:
Given physical access to a system, an attacker of even modest skills can
get any and everything off a system. If the sole objective is denial of
service, I don't know of any hard drve that can survive a hammer or
drill (particularly both) attack.

or thermite

Why must one poor little hard drive be the single point of
failure?

Oh, it doesn' have to be. I have a couple of servers at work with two
dozen drives in them, and the 96TB storage servers that should be
arriving soon will each have at least that many.

We like storage at work. It'll probably take a couple of days to
format them and create the RAID volumes.

Gary

On 22/12/2015 22:01, Big Bad Bob wrote:
On 12/21/15 10:21, edevils so wittily quipped:
On 21/12/2015 19:01, Peter Köhlmann wrote:
edevils wrote:

On 21/12/2015 18:06, Big Bad Bob wrote:
On 12/20/15 16:38, Chris Ahlstrom so wittily quipped:
Anonymous wrote this copyrighted missive and expects royalties:

Though most of you likely don't run Linux—specifically, one
using the Grub2 bootloader—you'll surely appreciate the
unintended humor of a brand-new exploit that was recently found
for said bootloader.

http://www.pcmag.com/article2/0,2817,2496870,00.asp

What took you so long to post this? It's been bandied about
for many days now.

Already fixed, by the way.

Pretty stupid bug, though. Should never have happened.


with physical access to the machine, there's nothing stopping anyone
from removing the hard drive, plugging in a USB hard drive adaptor
thingy, and then reading it directly with another computer.

so the bug is funnier than it is dangerous.

Unless data is encrypted. If you remove the hard drive and plug it
somewhere, you are still left with ciphered data.

On the contrary, if you read Hector Marco and Ismael Ripoll's original
article, you'll find out how they used the GRUB2 vulnerability to access
the GRUB rescue shell and deploy a malware from there.

"Since the data is ciphered, the strategy we will use is to infect the
system and wait until the user decrypts the data (by login into the
system) and then access to the information in plain."

http://hmarco.org/bugs/CVE-2015-8370...on-bypass.html

With physical access to the machine they could just as well install the
logging software the standard way.

Could they, if GRUB is password protected?

yes. just install "no password" grub onto a different hard drive,


Looks like you have not read previous posts.

Again, I am talking about keyboard access, in a scenario where both GRUB
and BIOS settings are password protected. No *unrestricted* physical
access, no tampering with hardware.

Therefore, no "different hard drive" available, no "boot from CD/USB",
no easy shortcuts available,


and
set it up (cloned without password) to boot that image from a separate
HD [USB plug in for example], then put the "new" HD into the hard drive
slot, and voila! boot whatever you want, whenever you want, no password
required.

On 22/12/2015 21:29, Big Bad Bob wrote:
....
so yeah, 'physical access required' takes a LOT of the 'threat' out of
it. still needs patching. devs need to self-slap for letting it happen.


Maybe they wrote "physical access required", but they just used keyboard
access. They did not need to tamper with hardware.

On 22/12/2015 22:03, Big Bad Bob wrote:
On 12/21/15 14:05, Shadow so wittily quipped:
On Mon, 21 Dec 2015 09:06:22 -0800, Big Bad Bob
wrote:

On 12/20/15 16:38, Chris Ahlstrom so wittily quipped:
Anonymous wrote this copyrighted missive and expects royalties:

Though most of you likely don't run Linux?specifically, one
using the Grub2 bootloader?you'll surely appreciate the
unintended humor of a brand-new exploit that was recently found
for said bootloader.

http://www.pcmag.com/article2/0,2817,2496870,00.asp

What took you so long to post this? It's been bandied about
for many days now.

Already fixed, by the way.

Pretty stupid bug, though. Should never have happened.


with physical access to the machine, there's nothing stopping anyone
from removing the hard drive, plugging in a USB hard drive adaptor
thingy, and then reading it directly with another computer.

And you remove the hard drive because .... ?
[]'s


it's easier to read it with a different machine, possibly. or you could
boot your OWN image with a different hard drive if passwords lock out
USB bootup. etc.

it's back to "if you have physical access you can ultimately bypass ANY
security"

if a crook wanted your data he'd just steal the device and work on it
elsewhere.

But then, in real life, you don't "just steal the device", unless you
are a thief. Maybe you have access to the keybaard though.

In article
edevils wrote:

On 22/12/2015 22:01, Big Bad Bob wrote:
On 12/21/15 10:21, edevils so wittily quipped:
On 21/12/2015 19:01, Peter Köhlmann wrote:
edevils wrote:

On 21/12/2015 18:06, Big Bad Bob wrote:
On 12/20/15 16:38, Chris Ahlstrom so wittily quipped:
Anonymous wrote this copyrighted missive and expects royalties:

Though most of you likely don't run Linux—specifically, one
using the Grub2 bootloader—you'll surely appreciate the
unintended humor of a brand-new exploit that was recently found
for said bootloader.

http://www.pcmag.com/article2/0,2817,2496870,00.asp

What took you so long to post this? It's been bandied about
for many days now.

Already fixed, by the way.

Pretty stupid bug, though. Should never have happened.


with physical access to the machine, there's nothing stopping anyone
from removing the hard drive, plugging in a USB hard drive adaptor
thingy, and then reading it directly with another computer.

so the bug is funnier than it is dangerous.

Unless data is encrypted. If you remove the hard drive and plug it
somewhere, you are still left with ciphered data.

On the contrary, if you read Hector Marco and Ismael Ripoll's original
article, you'll find out how they used the GRUB2 vulnerability to access
the GRUB rescue shell and deploy a malware from there.

"Since the data is ciphered, the strategy we will use is to infect the
system and wait until the user decrypts the data (by login into the
system) and then access to the information in plain."

http://hmarco.org/bugs/CVE-2015-8370...on-bypass.html

With physical access to the machine they could just as well install the
logging software the standard way.

Could they, if GRUB is password protected?

yes. just install "no password" grub onto a different hard drive,


Looks like you have not read previous posts.

Again, I am talking about keyboard access, in a scenario where both GRUB
and BIOS settings are password protected. No *unrestricted* physical
access, no tampering with hardware.

Therefore, no "different hard drive" available, no "boot from CD/USB",
no easy shortcuts available,

Pull the drive and put it in another box. Now what good are
your passwords?

and
set it up (cloned without password) to boot that image from a separate
HD [USB plug in for example], then put the "new" HD into the hard drive
slot, and voila! boot whatever you want, whenever you want, no password
required.

Anonymous Remailer (austria) wrote:

In article
Big Bad Bob wrote:

On 12/21/15 14:05, Shadow so wittily quipped:
On Mon, 21 Dec 2015 09:06:22 -0800, Big Bad Bob
wrote:

On 12/20/15 16:38, Chris Ahlstrom so wittily quipped:
Anonymous wrote this copyrighted missive and expects royalties:

Though most of you likely don't run Linux?specifically, one
using the Grub2 bootloader?you'll surely appreciate the
unintended humor of a brand-new exploit that was recently found
for said bootloader.

http://www.pcmag.com/article2/0,2817,2496870,00.asp

What took you so long to post this? It's been bandied about
for many days now.

Already fixed, by the way.

Pretty stupid bug, though. Should never have happened.


with physical access to the machine, there's nothing stopping anyone
from removing the hard drive, plugging in a USB hard drive adaptor
thingy, and then reading it directly with another computer.

And you remove the hard drive because .... ?
[]'s


it's easier to read it with a different machine, possibly. or you could
boot your OWN image with a different hard drive if passwords lock out
USB bootup. etc.

it's back to "if you have physical access you can ultimately bypass ANY
security"

if a crook wanted your data he'd just steal the device and work on it
elsewhere.

Like to see them do that with fibre channel or NAS.

What difference would that make if they just want the device?

EZoto