[tclug-list] Giant security hole?

Thu Sep 14 08:33:12 CDT 2017

LUKS disk encryption is your friend.  Very easy to setup these days.

On 09/13/2017 08:33 PM, r hayman wrote:
> True Story
> 
> Give an untrusted person physical access to a machine and you're pwned.
> 
> That's been the story for decades. Modern enhancements make it more 
> difficult but all bets are off when a bad person has physical access to 
> the hardware.
> 
> Even if they don't actually obtain access to the unencrypted data on the 
> hardware, your recovery is only as good to when you last had a good 
> backup if you end up with missing hardware.
> 
> Misconfigure the VM or the container or access to your platform and 
> physical access to the hardware takes on a new meaning.
> 
> If I can create a container on your hardware, I may have physical access 
> to your hardware.
> See https://blog.jessfraz.com/post/docker-containers-on-the-desktop/
> Specifically look at #7 Gparted
> 
> Modern technologies have opened new vectors and closed old vectors for 
> pwning your stuff.
> 
> Stay vigilant.
> 
> 
> On Wed, 2017-09-13 at 12:10 -0500, Clug wrote:
>> The thing is, if someone has physical access to your machine, they've
>> pretty much bypassed 99% of any security measures you have. This is not
>> new and not unknown; most people simply ignore that because who's going to
>> go into your house with a USB stick just to boot your computer?
>>
>> That said, there are many ways to block this. You can have a boot password
>> right in the BIOS. Then nobody can boot your machine. You can also block
>> booting from CD or USB in the BIOS and put a password on the BIOS setup.
>>
>> Course, that means someone can just steal your harddrive and plug that
>> into another computer. This is where full-disk ecryption comes in.
>>
>> If that's too much for you, most Linux distros will let you encrypt your
>> homedir.
>>
>>
>>
>> On Wed, 13 Sep 2017, Rick Engebretson wrote:
>>
>>> As I play around backing up, upgrading, and what-not, I use 
>>> not-so-hotswappable hard disk drives. Sometimes I goof up and have a 
>>> bad /etc/fstab file and the system will hang at boot. In older 
>>> distros there were some instructions to boot to root and use "mc" to 
>>> edit /etc/fstab. This newer opensuse distro had me stumped how to 
>>> just get the filesystem going. So I tried the Fedora Live DVD and 
>>> booted to DVD, mounted the boot hard drive in KDE "dolphin" file 
>>> manager, opened the KDE editor "kwrite," edited and saved the system 
>>> file /etc/fstab, and rebooted the opensuse hard drive smooth as silk. 
>>> I might be wrong, but these Linux Live DVDs seem to open a giant 
>>> security hole. _______________________________________________ TCLUG 
>>> Mailing List - Minneapolis/St. Paul, Minnesota 
>>> tclug-list at mn-linux.org <mailto:tclug-list at mn-linux.org> 
>>> http://mailman.mn-linux.org/mailman/listinfo/tclug-list 
>>
>> _______________________________________________
>> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
>> tclug-list at mn-linux.org <mailto:tclug-list at mn-linux.org>
>> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>>
> 
> 
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
> 