Grub2 Authentication 0-Day

You are currently reading a thread in /g/ - Technology

Thread replies: 89
Thread images: 6
File: 1429177114622.jpg (12 KB, 258x245)
>A vulnerability in Grub2 has been found. Versions from 1.98 (December, 2009) to 2.02 (December, 2015) are affected
6 fucking years for a simple vulnerability in the main linux bootloader

m-muh open source code is audited guys, I s-swear
>>
>>51894958
how often do you actually use the bootloader for authentication?
>>
>>51894958
dumb frogposter
>>
>>51894958
>m-muh open source code is audited guys, I s-swear
Literally nobody said open source was immune to bugs or every bug was found. But be happy we can search the source code ourselves rather than relying on a small group of people who have access to the source code to find it or even patch it at all.
>>
>>51894958
only if they have physical access.

on an unrelated tangent, wonder if it is possible to filter the facebook frog from my internet browsing
>>
How many people actually use bootloader authentication?
>>
Source?
>>
>>51894958
>using the bootloader for authentication
>having physical access to a computer and relying on a grub exploit to do your dirty work
>not having encrypted drives
>>
>>51895066
>>51895043
Exactly, getting sick and tired of people nailing free software to the cross every time a bug is found like any other software has.
>>
>>51894958
The average windows 8.1 machine has 2,812 vulnerabilities found each week.

I have yet to have any windows update for a kernel.

I hate you for being this simple minded about vulnerabilities.

>Btw
I work for a security company and my role is vulnerability researcher. So you offer me nothing useful.
>>
File: Untitled.png (619 KB, 1366x768)
>>51894958
dumb frogposter

also install Windows 10 senpai desu.
>>
File: haha.jpg (97 KB, 640x1136)
>using grub
>>
>>51894958
>>A vulnerability in Grub2 has been found. Versions from 1.98 (December, 2009) to 2.02 (December, 2015) are affected


WHY WON'T YOU CUNTS POST SOURCES.

I mean are you making dripping shit posts or do you honestly believe /g/ is retarded?
>>
>>51895103
>implying
the vulnerabilities exist and are removed through security updates. the more popular the system the more it is exploited.

on another note, if windows was truly as vulnerable as you believe, the entire world would shut down as most home and enterprise users have all their data on their Windows PCs, often without backup.

we would see a reign of chaos ensue immediately, like it happened with a few atrocious worms like love.
>>
>>51895128
it's real, there have been some threads about it already.

http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
>>
>>51895125
I use it. Problem?

Inb4 being told it is software with vulnerabilities. Wait, is it not common for software to not be perfect?
>>
>>51895128
google it you fucking mongoloid aspie
>>
>>51895136
Enterprise machines are the ones who get more support and patches quicker. In fact, they'll be getting windows 7 support for years after 2020. To microsoft, home users are a lower priority.
>>
>bootloader authentication
Nobody sane does this
>GNU software
Nobody sane does this

How many times does it have to be repeated?

GNU/Bloat = Shitty/Insecure

Even fucking emacs had a local root exploit at some point

The only code that is audited is the code that is actually audited, and the code that is simple enough for random people to go over (thousand eyes effect). GNU does not write that kind of code.

If software that accomplishes a simple task has a complex implementation it may as well be proprietary until examined by seasoned professionals.
>>
>>51894958
oh, this is like the android vulnerability meme

antifreetards just gripping for life now?
>>
>>51895082
I suspect the reason for this is that microshills can't stand the idea that open source software would be more secure than closed source software so they immediately clasp at straws whenever they see them.

If this was a closed source vulnerability then it most probably wouldn't have been discovered until years later and even then most probably by either the NSA and used to hack regular citizens or then by hackers and used to install malware on people's machines.

Thanks to GRUB being open source they can immediately pinpoint where the problem is, rectify the issue and distribute a fix to anyone who can be bothered to update. If GRUB was closed source the update would obviously only cover recent stuff forcing those who aren't on the most recent version to buy the latest version or stay vulnerable.

But yeah... The only people worse than microshills when it comes to perceived knowledge vs actual knowledge are the /v/irgins.
>>
>>51895153
>word around the street is XP is still supported just not for the regular joe
>>
>>51895164
which brings us to the only conclusion: human written code will always be imperfect.

we need a machine to write code so perfect that even it cannot exploit it.
>>
>>51895125
Grub is the best bar none. You should be using grub 1 because it uses actual plaintext configs and is more mature, but you should still use grub.
>>
>>51895177
stagefright was actually huge and a legitimate remote exploit issue.

this isn't.
>>
>>51895136
>on another note, if windows was truly as vulnerable as you believe

Before you jump the gun to interrupt my beliefs I want to stop right there.

First, I stated a well known number based on statistics.

Second, I demonstrated that the bootloader grub may have been exploited but so is windows on an everyday basis. I am NOT implying windows is shit because of this. Linux is exploited on average 129 times a week. This number is hard to find since distros are different in many ways.

My point is it's like all of you are underage children that pick on a simple flaw in software.

Children, have you forgotten that linux and windows contain vulnerabilities that are serious but have yet to be detected... Picking on this flaw is like forgetting that windows had a serious kernel exploit a couple months ago. Just get over it already.
>>
>>51895191
No, that doesn't follow at all.

It follows that retard designed software will always be retarded. Therefore, retards should be barred from writing software.

>>51895203
The linux kernel doesn't actually need a bootloader fyi
>>
>>51895164
What's a replacement for GNU? Plan 9 from userspace?
>>
>>51895146
Why should I google the source? You guys are truly retarded if a reader must find the sources and waste their time.

If you want to post bait then try to do it in a manner that doesn't waste people's time.

Another thing is why the fuck should I be required to find sources based off shit posts on /g/.
>>
How does this affect me on a Libreboot BIOS with an encrypted /root and Libreboot password?
>>
>>51895243
If you don't use a bootloader at all, you're retarded.
>>
>requires physical access
>>
>>51895252
>Why should I google source.

millennial entitlement, folks.
>>
>>51895251
Google it

>>51895261
I feel sorry for all those people who run embedded linux, then.
>>
>>51895252
>SOMEONE SPOON FEED ME! I'M TOO STUPID TO FIGURE IT OUT MYSELF
fuck off
>>
>>51895229
>underage children

I am 31 with a job and family using computers before GUI was invented. I did not make this thread and the reason I use Windows is because it is superior to Linux in every way after 2 years of testing them side by side.

Linux is a failed abortion that should have died in the 80's.
>>
>>51895277
Face it. No other search engine provides a non retarded search result.

What will they do when I google "is this cunt of 4chan retard"

>NSA
Shit, some cunt is google 4chan. Better murder them using our best Mexican...

Whatever pedro.
>>
>>51895259
you have all that setup and you can't figure it out on your own?
>>
>>51895298
>bait
>>
>>51895298
>I am 31 with a job and family using computers before GUI was invented
>I use Windows is because it is superior to Linux in every way after 2 years of testing them side by side
>Linux is a failed abortion that should have died in the 80's.
You're not 31, stop lying on the internet.
>>
>>51895259
might need to recompile libreboot and update your grub payload if it builds it from the latest grub sources, you're fine anyways as your disks are encrypted. if your password was set by setting it in the grub.cfg then this affects you.
>>
>>51895286
Stupid or understand my time is not worth finding a shitty security story.

Not to mention the cancer which follows this topic.

>Linux is shit
>Windows is not

Linux is shit because of this flaw
Windows is not shit because it had a kernel flaw months ago

>Linux is just shit because of this.

Yeah mate. I sure will not waste time with this useless information. Just understand shit is vulnerable without a 4chan user posting shit about it...
>>
>>51895313
>windows
>>
is this affecting me if I use efistub to boot my kernel? please answer
>>
>>51895337
you're spending more time writing these embarrassing posts than it takes to search "grub2 vulnerability" and find what you're crying about
>>
>>51895313
Fuck off to reddit you useless piece of shit.

>Windows
Insert frogimagehere.faggot.jpeg.png
>>
>>51895313
Once again, frogposter posts low quality post and contributes nothing to the thread.
>>
>>51895356
"is this affecting me if i use an entirely different bootloader to boot my kernel?"

does anyone have critical thinking skills anymore?
>>
File: 1447222169054.png (234 KB, 567x405)
>>51895369
>>51895374
he deleted the post
>>
>>51895298
Hang on. Windows is not a server os.

Why do you think 45% of the internet uses red hat linux? The other 45% is using unix.

Oh no. Linux is shit.

Told you, you are a bunch of children.
>>
>>51895405
I think a mod/janitor deleted it.
>>
>>51895429
Cheers to the god mods.
>>
>>51895141
>To quickly check if your system is vulnerable, when the Grub ask you the username, press the Backspace 28 times. If your machine reboots or you get a rescue shell then your Grub is affected.
>when Grub ask you the username

What? Literally who uses this?

This is a non-issue.
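
Whether a machine is exposed comes down to the two conditions raised in this thread: GRUB authentication configured in grub.cfg, and a version in the quoted 1.98 to 2.02 range. The script below is an added example, not part of the thread or of GRUB; its function names are hypothetical and the sample config is constructed. Distributions backport fixes without changing the upstream version, so an in-range result means "check the distribution's advisory", not "vulnerable".

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# True if the config enables GRUB's username/password prompt:
# a superusers assignment plus at least one password/password_pbkdf2 entry.
grub_auth_enabled() {
    grep -Eq '^[[:space:]]*(set[[:space:]]+)?superusers=' "$1" &&
        grep -Eq '^[[:space:]]*password(_pbkdf2)?[[:space:]]' "$1"
}

# True if a bare version string ("2.02~beta2-9") falls in the range the
# thread quotes as affected: 1.98 through 2.02.
version_in_affected_range() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}      # keep leading digits only: "02~beta2" -> "02"
    case "$major.$minor" in
        1.98|1.99|2.00|2.01|2.02) return 0 ;;
    esac
    return 1
}

# assess VERSION CFG_FILE -> no-auth | auth-in-affected-range | auth-outside-range
assess() {
    if ! grub_auth_enabled "$2"; then
        echo "no-auth"
    elif version_in_affected_range "$1"; then
        echo "auth-in-affected-range"
    else
        echo "auth-outside-range"
    fi
}

# Constructed sample config, not taken from a real system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDER
menuentry "Linux" { linux /vmlinuz root=/dev/sda1 }
EOF
assess "2.02~beta2" "$sample"
assess "2.06" "$sample"
rm -f "$sample"
```

On a real system, pass the last field of `grub-install --version` and the path to the generated grub.cfg (commonly `/boot/grub/grub.cfg`) to `assess`.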
>>
>>51895111
>league of legends
>>
Microshills:
>New vulnerabilities in Windows found all the time, a lot of them serious
[The sound of crickets in the background]
>A vulnerability is found in Linux or some other open source software project
KEKEKKEKEKEK!!!!!1 OPEN SOURCE IS SHITTTT!!!!2 [Insert flavor-of-the-month-meme-here]

Then again this type of stupidity is just typical of all fanboys... Fanboys/girls of consoles, companies, boy bands and Justin Bieber alike.
>>
>>51895443
seriously. like the only person that would be affected is >>51895259 and his disk is encrypted anyways, so the threat is next to nil unless they want to evil maid him, which isn't going to happen because he clearly doesn't understand what he's doing enough to be a threat to anyone.
>>
>>51895464
Anyone who hates free software is from /v/, they unironically call anything that isn't windows a meme.
>>
>>51895443
>I never use this so it's a non issue.
I've never seen the grub password thing either though
>>
>>51895298
>Trying this hard to get people mad
>Doesn't even know Linux was released in 1991
>>
>>51894978
I wasn't even aware you could until yesterday when I first read the article. Bullshit, fear-mongering again.
>>
>>51895485
like, it's a stupid vulnerability, but if it affects anyone it's a very small minority and the exploit vector requires a level of access that would make it open to much worse things anyways. who gives a shit?
>>
>>51895504
The kernel was released in 1991, but the GNU software that every distro uses has been in development since the early 80s. The fact he mixed up GNU with the kernel shows he's full of shit.
>>
>>51895518
Microshills apparently... Then again to them all vulnerabilities in Windows are non-issues while vulnerabilities in competing products, both open and closed, are a HUGE deal.
>>
>>51895543
I don't give a fuck about your PC terminology. I call it Linux. You can cry all you want.
>>
>>51895565
Daily reminder PC language was a real issue before memesters got to it.
>>
Excuses are like assholes, every Linux user has one.
>>
>>51895565
This isn't about calling it Linux vs GNU/Linux. You said Linux has been in development since the 80s when that is not true. The GNU software has been in development since the 80s and linux came out in 1991. Stop trying to act like you're older than you really are.
>>
>>51895610
how old do you think I am? My first computer was a 486 with Windows 3.11, a monochrome monitor and played Warcraft and Space Commander in DOS without a sound card. The first experience I had with programming was logo and visual basic in school.

not everyone is a poser like you mate.
>>
>>51895660
>monochrome monitor
lel poorfag
>>
>>51895066
Dumb question, is luks decryption (where it prompts you for a password) started via systemd or the bootloader? It's definitely before x starts.
>>
>>51895565
That's a microaggression bro. Sometimes victims side with their oppressors.
>>
>>51895827
the bootloader + the initramfs

although systemd absorbed gummiboot, so it's now systemd-boot, which is cool and not at all retarded. so the answer is both.
>>
>>51895203
kek I use systemd as my bootloader
>>
>>51895913
>use systemd
>a project developed and financed mainly by Red Hat
>Red Hat is in cahoots with the NSA
>systemd has absorbed all low level userland functionality in linux. of note, it now controls booting, luks decryption, and your network access.
>using the power of systemd, the NSA will be able to easily log your luks decryption keys and send them out over the network before you could ever run any sort of software packet filtering tool to monitor this.
>this is the future you chose
>>
>>51894958
>gtk had the same bug in the screensaver coming up like three times in a year
>now grub has a similar bug
wtf is with loonix-devs?
>>
>total non-issue
yeah, true, nobody's using loonix.
>>
>>51895609
Do you audit the software you use you super cuck?
>>
File: gnjew.png (159 KB, 500x584)
work for free goyim
donate to fsf goy
put in backdoor like good cattle so i can get more donation from nsa
these idiots wont find it for years
>>
>>51895128
>do you honestly believe /g/ is retarded?
yes
>>
>>51894987
Then why didn't you guys find this earlier? Oh that's right, you are relying on a small group of people who have access to the source code to find it or even patch it at all.

>>51895043
>only if they have physical access
Then why bother patching if it's nothing? Why was this even reported?
>>
>>51895508
This
>>
>>51894958
>grub has an authentication functionality
>ntldr does not
>hurr durr loonix sucks
>>
>>51896634
>Then why bother patching if it's nothing?
It's still unintended behaviour (aka a bug)

>Why was this even reported?
See above
>>
>>51894958
Yeah, and a 0day in Microsoft Server (all fucking versions) fucking DNS is found which allows pre-auth RCE. Fucking retard.
>>
>>51895191
>we need a machine to write code so perfect

Who codes the machine?
>>
Daily reminder what GNU software is like

https://gist.github.com/pete/665971

Install BSD or Alpine and never worry again
>>
>>51894958
Dumb frog poster. Furthermore, open source means it's *subject* to independent research and code audits, which IMHO isn't happening nearly enough yet.
>>
>>51894958
>no source
ok kid
>>
>>51897707
it's everywhere fagget