Navigation

    ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups

    Backspace to hack Linux

    IT Discussion
    6
    6
    1083
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Danp
      Danp last edited by

      http://www.thetimesgazette.com/just-hit-the-backspace-28-times-and-you-can-gain-access-to-most-linux-systems/10162/
      Now security researchers have opened up a Pandora’s Box for several of the Linux distributions. They say that you just have to hit the backspace 28 times in succession, and you can gain access to Linux.

      1 Reply Last reply Reply Quote 2
      • J
        Jason Banned last edited by

        Interesting. But in a virtualized environment this doesn't mean anything except for the host OS. You'd need console access and it does not work over SSH/Telnet.

        1 Reply Last reply Reply Quote 1
        • stacksofplates
          stacksofplates last edited by

          And if you had console access or physical there are other ways to do this also. On Red Hat and Ubuntu systems (possibly others) you can change the root password with a rescue environment. I mean it is a bug and should be fixed (has been patched my most distros now), but if someone knows how to navigate grub rescue, they can get in other ways also.

          1 Reply Last reply Reply Quote 2
          • JaredBusch
            JaredBusch last edited by

            if ( attacker.physical_access ) { security = 0; }
            
            1 Reply Last reply Reply Quote 5
            • Lakshmana
              Lakshmana last edited by

              I think the issue is resolved now

              1 Reply Last reply Reply Quote 1
              • scottalanmiller
                scottalanmiller last edited by

                Both a non-significant threat and already resolved by the major distros. But good to be aware of these things. Good reminder that physical access means security has been breached.

                1 Reply Last reply Reply Quote 2
                • First post
                  Last post