c******n
发帖数: 16666 | 1 【 以下文字转载自 JobHunting 讨论区 】
发信人: IFloating (Floating Freely), 信区: JobHunting
标 题: 说linux安全就是个大笑话 (转载)
发信站: BBS 未名空间站 (Thu Dec 17 23:18:01 2015, 美东)
发信人: mitbbs2715 (好吃不懒做), 信区: Military
标 题: 说linux安全就是个大笑话
发信站: BBS 未名空间站 (Thu Dec 17 22:30:48 2015, 美东)
You Can Break Into a Linux System by Pressing Backspace 28
http://lifehacker.com/you-can-break-into-a-linux-system-by-pres
Patrick Allan
Yesterday 1:30pmFiled to: SECURITY
Hitting a key over and over again actually works for once. Two security
researchers in Spain recently uncovered a strange bug that will let you into
most Linux machines just by hitting the backspace key 28 times. Here’s how
to fix it and keep your data protected.
The researchers, Hector Marco and Ismael Ripoll from the Cybersecurity Group
at Polytechnic University of Valencia, found that it’s possible to bypass
all security of a locked-down Linux machine by exploiting a bug in the Grub2
bootloader. Essentially, hitting backspace 28 times when the machine asks
for your username accesses the “Grub rescue shell,” and once there, you
can access the computer’s data or install malware. Fortunately, Marco and
Ripoll have made an emergency patch to fix the Grub2 vulnerability. Ubuntu,
Red Hat, and Debian have all issued patches to fix it as well.
Linux is often thought of as a super secure operating system, but this is a
good reminder to take physical security just as seriously as network
security (if not more). Take extra care when your machine is around people
you don’t know, especially if your system has sensitive data on it. | d****o
发帖数: 32610 | 2 试了下不行
【在 c******n 的大作中提到】
: 【 以下文字转载自 JobHunting 讨论区 】
: 发信人: IFloating (Floating Freely), 信区: JobHunting
: 标 题: 说linux安全就是个大笑话 (转载)
: 发信站: BBS 未名空间站 (Thu Dec 17 23:18:01 2015, 美东)
: 发信人: mitbbs2715 (好吃不懒做), 信区: Military
: 标 题: 说linux安全就是个大笑话
: 发信站: BBS 未名空间站 (Thu Dec 17 22:30:48 2015, 美东)
: You Can Break Into a Linux System by Pressing Backspace 28
: http://lifehacker.com/you-can-break-into-a-linux-system-by-pres
: Patrick Allan
| c*****m
发帖数: 1160 | 3 physical access. 当黑客能坐在你的电脑前面重启动,在 grub界面乱输入的时候,
可以肯定你的电脑已经没什么安全性了。
如果他用usb启动,你的硬盘没有全盘加密的话,资料也全暴露了。 | s*****g
发帖数: 1055 | 4 刚试了下, serial over ipmi 也不行。
【在 c*****m 的大作中提到】
: physical access. 当黑客能坐在你的电脑前面重启动,在 grub界面乱输入的时候,
: 可以肯定你的电脑已经没什么安全性了。
: 如果他用usb启动,你的硬盘没有全盘加密的话,资料也全暴露了。
|
|
