Re: Debian 9

To: debian-user@lists.debian.org
Subject: Re: Debian 9
From: Hans <hans.ullrich@loop.de>
Date: Wed, 28 Jun 2017 07:01:34 +0200
Message-id: <[🔎] 214121373.U6Vcv0FBsT@protheus7>
In-reply-to: <[🔎] 20170627221615.an7sf6c7niffgfym@riseup.net>
References: <21200978.3283526.1498579213583.ref@mail.yahoo.com> <[🔎] vVzlWdCRzCusK-kKR5Fa3bQBhXokntr325ughv3LcBpsHs2E-zvTiLtj811Dn02HWXtlTwzr46Xz8mjeF5Xkhl_fqolDpNbthlwzKFAU-oY=@protonmail.com> <[🔎] 20170627221615.an7sf6c7niffgfym@riseup.net>

Am Dienstag, 27. Juni 2017, 18:16:16 CEST schrieb Sean Behan:
> On Tue, Jun 27, 2017 at 05:41:57PM -0400, Fungi4All wrote:
> > Is this all it takes to hack the root account of a secure debian system?
> 

Yes, if one get physical access, you have lost! That is the reason, all of my 
personal systems are encrypted. 
> Correct, if you're on the same architecture you can actually chroot to
> acquire the same effect by issuing commands.
> 

Or you can use nice attacker tools, like "Switchblade and Haksaw",  "Rubber 
Ducký", or the very new and famous "Bash Bunny". Everything is known since a 
long time and no secret.  
> It's not really hacking, you have access to the file system, therefore
> you are able to change the data on the disk, such as passwords.
Hmm, IMO it is hacking, because you make things, which it is not intended for.

Admins should know this.

Ah, and the "Cold boot attack" which was mentioned: Take care not to hand your 
system over, until it is shut down for some minutes! :)

Kind regards

Hans

Reply to:

References:
- Re: Debian 9
  - From: Fungi4All <fungilife@protonmail.com>
- Re: Debian 9
  - From: Sean Behan <seanwbehan@riseup.net>

Prev by Date: Re: Why does no one care that Brad Spengler of GRSecurity is blatantly violating the intention of the rightsholders to the Linux Kernel?
Next by Date: Re: Stretch and network management
Previous by thread: Re: Debian 9
Next by thread: Re: Debian 9
Index(es):
- Date
- Thread