PaulSpoerry.com

Social Media, technology, and geeky stuff for your brain.


You Can Break Into a Linux System by Pressing Backspace 28 Times

December 16, 2015 by Paul Spoerry 4 Comments



Back to 28: Grub2 Authentication Bypass 0-Day
Description. A vulnerability in Grub2 has been found. Versions from 1.98 (December, 2009) to 2.02 (December, 2015) are affected. The vulnerability can be exploited under certain circumstances, allowing local attackers to bypass any kind of authentication (plain or hashed passwords).

The researchers, Hector Marco and Ismael Ripoll from the Cybersecurity Group at Polytechnic University of Valencia, found that it’s possible to bypass all security of a locked-down Linux machine by exploiting a bug in the Grub2 bootloader. Essentially, hitting backspace 28 times when the machine asks for your username accesses the “Grub rescue shell,” and once there, you can access the computer’s data or install malware. Fortunately, Marco and Ripoll have made an emergency patch to fix the Grub2 vulnerability. Ubuntu, Red Hat, and Debian have all issued patches to fix it as well.
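Added example, not from the original post or from GRUB's source: a simplified C model of the flaw class behind the backspace behaviour described above, a length counter that is decremented on backspace with no lower-bound check, shown beside the bounds-checked form. The function names, the 16-byte buffer and the key sequences are assumptions constructed for illustration.

```c
/* Added illustration, not GRUB source. Names and sizes are assumptions. */
#include <stdio.h>
#include <string.h>

#define BUF_MAX 16  /* assumed prompt buffer size */

/* Feed a constructed key sequence through a minimal line editor.
 * check_bounds = 0: backspace always decrements the length (flawed pattern).
 * check_bounds = 1: backspace on an empty buffer is ignored (hardened).
 * The index is a signed long and is never used out of range, so the model
 * stays memory-safe while reporting where an unchecked index would point.
 * Returns the lowest index reached; copies the edited text to out. */
long lowest_index(const char *keys, int check_bounds, char out[BUF_MAX])
{
    char buf[BUF_MAX] = {0};
    long cur_len = 0, lowest = 0;

    for (const char *k = keys; *k; k++) {
        if (*k == '\b') {
            if (check_bounds && cur_len == 0)
                continue;                 /* nothing left to erase */
            cur_len--;
            if (cur_len < lowest)
                lowest = cur_len;
            if (cur_len >= 0)
                buf[cur_len] = '\0';
        } else if (cur_len < BUF_MAX - 1) {
            if (cur_len >= 0)
                buf[cur_len] = *k;        /* in-range write only */
            cur_len++;
        }
    }
    if (out)
        memcpy(out, buf, BUF_MAX);
    return lowest;
}

/* Constructed input: n backspaces typed into an empty prompt. */
long after_backspaces(int n, int check_bounds)
{
    char keys[64] = {0};
    memset(keys, '\b', n > 63 ? 63 : (n < 0 ? 0 : n));
    return lowest_index(keys, check_bounds, NULL);
}

int main(void)
{
    printf("unchecked: lowest index %ld\n", after_backspaces(28, 0));
    printf("checked:   lowest index %ld\n", after_backspaces(28, 1));
    return 0;
}
```

In the unchecked variant the index ends 28 positions before the start of the buffer; with the bounds check it never leaves zero, which is the property to look for when reviewing any hand-written input loop.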

If this shows one thing, it's that no matter how hardened your network is, physical security is still important.


Comments

  1. John Bump says

    December 16, 2015 at 6:06 pm

    Albeit with console/hardware access.

  2. Paul Spoerry says

    December 16, 2015 at 6:14 pm

    Yeah I mean in reality, if the hd is encrypted I don't even think this would give you anything would it +John Bump? And in reality… if it being not encrypted is the thing, and you have physical access, just yank the drives and mount them in another pc… or boot from usb and mount them that way, etc.

  3. John Bump says

    December 16, 2015 at 11:17 pm

    For stuff like servers, this is entirely a nonissue. For a point-of-sale machine or ATM, that somehow allows both rebooting and keyboard access, yes, sure, it's a problem — but how many of those are there?

  4. Paul Spoerry says

    December 17, 2015 at 8:21 am

    According to the number of times I've had to have my card replaced I'd say quite a few lol
