Jump to content

linux bootloader 'grub2' at risk


sman
 Share

Recommended Posts

 

Pressing the backspace key 28 times can bypass the Grub2 bootloader's password protection and allow a hacker to install malware on a locked-down Linux system.

 

GRUB, which stands for the Grand Unified Bootloader, is used by most Linux distributions to initialize the operating system when the computer starts. It has a password feature that can restrict access to boot entries, for example on computers with multiple operating systems installed.

 

This protection is particularly important within organizations, where it is also common to disable CD-ROM, USB and network boot options and to set a password for the BIOS/UEFI firmware in order to secure computers from attackers who might gain physical access to the machines.

 

Without these boot options secured, attackers or malicious employees could simply boot from an alternative OS -- like a live Linux installation stored on a USB drive or CD/DVD -- and access files on a computer's hard drive.

 

read on in ..http://www.infoworld.com/article/3016098/security/vulnerability-in-popular-bootloader-puts-locked-down-linux-computers-at-risk.html

 

Link to post
Share on other sites

  • Root Admin

Has to have physical access to the system. Any system that allows unauthorized users to have physical access to a secure device cannot be considered a secure device. I'm not saying it shouldn't be fixed only that it should not be blown out of proportion as to the severity of the problem.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.