http://thehackernews.com/2015/12/hack-linux-grub-password.html
This article claims you can backdoor GRUB loader to gain access by pressing backspace 28 times.
>Linux Fags BTFO?
>Mac master race?
>Botnet 10, you got something to hide anon?
Discuss.
theres not much to discuss, if you already have physical access to the machine its game over anyways
osx is even worse considering you can infect the fucking motherboard firmware via thunderbolt
It's called single user mode, OP.
Encrypt if you want local security.
The only good non-backdoored drive encryption is on Linux.
>>51924817
>Using grub security
>not just encrypting your data for security
Like having a bios password, it solves nothing.
>>51924817
Are you fucking braindead? What am I saying, of course you are. Do you really think if someone is physically sitting at your computer they can't get into it somehow? Fuck, if I wanted to, I could just plug a live usb of ubuntu or some shit into a Windows PC and format the hard drive for laughs, this is nothing new.
>>51924872
>The only good non-backdoored drive encryption is on Linux.
prove it
>>51924817
Already been patched.
If this was windows, the patch would have been included on the next version number of windows.... maybe.
Well I don't use Grub. But pretty much this >>51924836
Physical access to a machine and you're done. If you're nervous about that, encrypt your whole partition. People who used Grub to encrypt were stupid in the first place.
That's like installing limewire, complaining you got a botnet and saying "WINDOWS FAGS BTFO!"
>>51924817
Who here is using grub authentication ? There is another password to login a session. And you can setup another one to encrypt your hdd. There is also the BIOS password...
(Hack linux is not the appropriated title)
>all those street shitters in the comments
>>51924817
>>51924907
>>51924898
>>51924922
I can encrypt my whole hard drive, encrypt grub (that's what we are talking about now), then sing my bootloader. You can bypass grub password but you won't do anything and if you try to change my bootloader I will notice.
>>51924902
>prove it
here ya go
https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup
>>51925036
I said prove it, not post the wiki page which doesn't even come close to that.
Protip: you can't
>loonix security
First shell shock, then Heartbleed, now this.
It's time for a suicide watch for the poor fellas.
>>51925102
It's never been hacked and source code is open is proof enough. Unless you want him to prove some thing like "prove unicorns dont exist".
>>51924817
Why do you fuckers keep reposting this b8?
Windows bootloader literally has no security. This got fixed very quickly and it's not even that disastrous of a vulnerability.
>>51924817
what does grub have to do with linux?
also, read the last thread
>>51924817
mac os nor windows come with a bootloader that can be locked at all, fyi
>>51924817
>physical access
its fucked anyways op
>>51925102
the NSA uses it. if you would say that they could modify it to actually work, then you would be an idiot.
>>51924817
in related news, this hack will affect no one, because no one uses linux.
>LINUX IS INVINCIBLE, ALL OPEN SOURCE SOFTWARE IS SUPER SECURE!
So how long has this bug gone undetected?
>>51925926
>>51925944
retards
>>51925944
This isn't Linux, it's a bootloader
Thing it's that's the only bootloader providing such feature, it simply doesn't exist outside of GRUB
As always it was patched in hours in most major distros
>>51924935
Not sure where the shit goes in that picture
>w-well if you have physical access a-anyways
>It's patched now who cares about how long it wasn't noticed
face it open sores linux is only good for a rice desktop to impress other autist
>>51925998
>in hours
Hours after the vulnerability was made public, you mean.
Solved before it even happened.
>/etc/default/grubGRUB_DISABLE_RECOVERY="true"
>>51925926
OS X kinda does have this problem, in that it has single user mode enabled by default, so you can access any Mac without logging in unless it's encrypted (using FileVault).
>>51926010
>haha your bootloader isn't secure!
>while using a bootloader with no security
you do realize the windows and mac os bootloaders have no auth system whatsoever, right?
>>51926030
Before
Also, no one uses this retarded feature, that's why only GRUB has it
>>51926010
the same things happen in windows, remember that scrollbar bug that existed since win2000? its still unpatched in vista and xp and all win7 and 8 with turned updates off
>>51926049
lel, this.
Sure, GRUB might not be perfect, but Winfags and homOSeX users have Z E R O security in their bootloaders.
>>51926049
they don't need it. this feature was probably placebo anyways.
>no one will find my CP behind three levels of password protection
>>51925926
>saved as PNG for no particular reason as lossless quality does not affect the point of the picture
>poorly framed with 129 920 wasted pixels
>8 wasted bits per slc for a pointless transparency effect
>4KB of useless data in PNG header
>line selection selects the entire line
>odd font size
>non-standard Apple logo
>pointless ruler
>filename reveals your timezone
>attacks in Paris today stay at home if you're alright
Macs have plenty other problems it seems.
>>51926065
it IS placebo, as mentioned in the previous thread, it's less useful than a bootloader password
>>51924817
>2015
>using GRUB
Use EFIStub with rEFInd or you deserve hell
if this is the best windows/osx users have, then i'd say linux is in a pretty good spot
>>51925647
>open source
that has literally been proven time and time again to not have any effect on actual security. point an case: this thread
>>51924817
So? You can get in to Windows by booting to an install disc, pulling up a command prompt, and replacing the sticky keys executable with cmd.exe. Then reboot to the Windows installation and hit shift until sticky keys launches. Bam, command prompt before login.
Who the fuck isn't running LUKS if they're using Linux anyway?
>>51926065
>placebo
That's not what you name a feature that's been included because it is possible but that doesn't offer any particular guarantee other than the most basic ones.
A placebo actually works.
>>51926086
>Who the fuck isn't running LUKS if they're using Linux anyway?
Maybe Arch and Gentoo users who are too lazy to set it up? Ships with every major distro by default.
>>51926093
If you're going to install Arch or Gentoo it's like an extra 2 minutes to set up LUKS before you install the system since you're doing the partitioning yourself anyway.
IT'S SECURE!
>>51926041
Was already enabled for me, hm...
You realize that if you don't actually encrypt your data, then any cuck could just mount your drive and access your files anyway?
This is like "locking" your front door by putting a piece of duct tape across it, and then wondering why people are able to break in.
>>51924817
Tested this on my kali (boot loader from USB)
didn't work.
Safe.
>>51926174
you realize I could still access your data while your in the restroom and forgot to lock your computer?
>>51926116
>didn't bother to read the paragraph at the top of the page
Wow, a single rootkit was developed for Linux, but was never actually a threat and was rendered obsolete by updates. I'm totally switching to Windows 10 now!!
>>51926196
that's the only one that is known. all the 1337 haxx0rs sell them to governments and corporations
>>51924817
This thread is literally a large bunch of closed source software slaves butthurt about their shitty software and 0-days unfixed for years.
My gentoo doesn't have this problem.
Also, who the fuck uses a bootloader password?
>>51926005
>Matrix
>>51926463
>3 line prompt
fuck off.
>>51924817
>mfw syslinux...
I thought 'muh open-source' community finds these since som many people can submit reports? If this goes om undetected for a decade, I really wonder how many serious security issues there are.
Don't worry, guys systemd-bootloaderd is immune to this
I've noticed a lot of major bugs in foss with the advent of techfeminism.
>>51924905
That's not true at all, and hasn't really been true since before Vista.
Don't be autistic.
>not using syslinux
the obvious superior choice.
>>51924817
LiLo master race reporting in.
GRUB is for fags
>>51924817
Brb testing
>>51926077
>having a UEFI bios
yikes
>>51927616
yeah, it just sends your LUKS keys and root password directly to the NSA on boot, no need for an exploit.
>>51931596
No recent update, didn't work, updating any-ways.
>>51926226
All the leets use Linux, sithlord.
>>51924817
>The good news is the researchers have made an emergency patch to fix the Grub2 vulnerability. So if you are a Linux user and worried your system might be vulnerable, you can apply this emergency patch, available here.
>Meanwhile, many major distributions, including Ubuntu, Red Hat, and Debian have also released emergency patches to fix the issue.
Did any of you fags read the article?
>>51927636
well obviously your personal observations of bug frequency in the small subset of FOSS that you use are accurate and the only possible cause of this is "tech feminism" because correlation implies causation
>>51924817
>another cancer thread baiting for replies
>59 retards
have one more, faggot
>>51925698
Lets say you want Linux and Windows side by side on your hard drive. Grub lets you chose which OS to boot to. I wasn't even aware you could password protect Grub before TFA. You still need to get past user authentication once Grub has booted to Linux.
>>51926071
I hope you actually took the time to write this. That would be so great.
>>51924836
this
I can break into a Mac in less than a minute just by booting the fucking thing into single user and clearing the root password
>There are people in this thread unironically hating linux and using buzzwords like open sores
I want normalfags to fuck off back to reddit where they belong
>>51925926
>no one uses linux
professionels do, so how should you know...
>>51926116
kek. even then you can at list have them listed, but for other OS there so many you cant even list them all.
>>51924817
GRUB is deprecated.
You wouldn't have this problem if you used systemd-boot.
