Backspace to hack Linux
-
http://www.thetimesgazette.com/just-hit-the-backspace-28-times-and-you-can-gain-access-to-most-linux-systems/10162/
Now security researchers have opened up a Pandora’s Box for several of the Linux distributions. They say that you just have to hit the backspace 28 times in succession, and you can gain access to Linux. -
Interesting. But in a virtualized environment this doesn't mean anything except for the host OS. You'd need console access and it does not work over SSH/Telnet.
-
And if you had console access or physical there are other ways to do this also. On Red Hat and Ubuntu systems (possibly others) you can change the root password with a rescue environment. I mean it is a bug and should be fixed (has been patched my most distros now), but if someone knows how to navigate grub rescue, they can get in other ways also.
-
if ( attacker.physical_access ) { security = 0; } -
I think the issue is resolved now
-
Both a non-significant threat and already resolved by the major distros. But good to be aware of these things. Good reminder that physical access means security has been breached.
