Hacking a locked-down Linux PC is apparently as easy as pressing backspace 28 times

Thread Started By Condoms

3428
2
  • 32 Vote(s) - 3.09 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Rate Thread
#1
Quote:A pair of security researchers from the Cybersecurity Group at the Polytechnic University of Valencia in Spain have discovered a method of hacking into a Linux computer that's so easy, you'd be forgiven for thinking it wasn't legit.

The researchers figured out that it's possible to circumvent the login screen of a locked-down Linux PC simply by pressing the backspace key 28 times - no more, no less. Grub2, the bootloader used to initialize a number of Linux distributions, is to blame. Versions dating back from 2009 to present-day are vulnerable.

Doing the deed 28 times launches the Grub rescue shell which grants an attacker unfettered access to the machine's data which can be stolen or deleted. The attacker is also free to install malware, the researchers said in a blog post revealing the exploit. Do note that as an attacker, you'd need physical access to a machine in order to take advantage of the vulnerability.

Security expert and founder of Trail of Bits, Dan Guido, told Motherboard that it is irresponsible for Grub to lack decades-old exploit mitigations like stack cookies that could have addressed the issue.

Fortunately, the researchers created a patch to prevent the deceptively simple attack. What's more, as Motherboard notes, several distributions including Debian, Red Hat and Ubuntu have all released emergency patches as well.

[To see links please register here]


This was a rather interesting read, and now i need to pull out my old computer if i still have it or if i can find it.. to try it out..
Reply




Messages In This Thread
Hacking a locked-down Linux PC is apparently as easy as pressing backspace 28 times - by Condoms - 12-21-2015, 09:57 PM

Possibly Related Threads…
Thread Author Replies Views Last Post
  Sign of the Times: SL-to-Sansar Ship Straddling Second Life 0 1,609 09-01-2016, 06:11 AM
Last Post: Second Life

Forum Jump:

2 Guest(s)
Share this:

About Second Life Copybot

Second Life CopyBot Forum is a place where you can get items for Second Life and other vitual worlds for free. With our CopyBot viewers you can export and import any content from these virtual worlds and modify them in 3D software such as Blender, 3D studio Macx etc...