linux bootloader 'grub2' at risk

[sman]

 

Pressing the backspace key 28 times can bypass the Grub2 bootloader's password protection and allow a hacker to install malware on a locked-down Linux system.

 

GRUB, which stands for the Grand Unified Bootloader, is used by most Linux distributions to initialize the operating system when the computer starts. It has a password feature that can restrict access to boot entries, for example on computers with multiple operating systems installed.

 

This protection is particularly important within organizations, where it is also common to disable CD-ROM, USB and network boot options and to set a password for the BIOS/UEFI firmware in order to secure computers from attackers who might gain physical access to the machines.

 

Without these boot options secured, attackers or malicious employees could simply boot from an alternative OS -- like a live Linux installation stored on a USB drive or CD/DVD -- and access files on a computer's hard drive.

 

read on in ..http://www.infoworld.com/article/3016098/security/vulnerability-in-popular-bootloader-puts-locked-down-linux-computers-at-risk.html

 

[AdvancedSetup]

Has to have physical access to the system. Any system that allows unauthorized users to have physical access to a secure device cannot be considered a secure device. I'm not saying it shouldn't be fixed only that it should not be blown out of proportion as to the severity of the problem.