http://www.engadget.com/2015/12/18/log-into-most-any-linux-system-by-hitting-backspace-28-times/
linuxfags btfo
>>51951051
install gentoo
Fuck off already, nobody uses grub. And even if you do, this is already patched.
>>51951176
>nobody uses grub
Oh wow
>>51951176
you're forgetting all the embedded instances of linux that will never be updated
>>51951176
>nobody uses grub
hahahahaha damage control lvl = max
Imagine the outcry if Windows had a similar vulnerability, you fags would never shut up about it
>>51951176
>nobody uses grub
even macfags don't make up such specious bullshit to damage control.
kindly kill yourself back to /pol/ with your retarded btfo meme
>>51951176
>nobody uses grub
Are you retarded?
>>51951176
>>51951051
>immediately bypasses the lock screen
what lock screen? is the OS selection screen considered a lock screen by normies? or are we talking about grub password? if the latter, than okay, that's quite bad.
still,
>almost 2016
>not using disk encryption
shiggy diggy
>>51951232
M$ shill detected
>>51951283
this
/thread
>>51951403
>M$ shill detected
Why do Linux autists say this every single time they get rekt, it's OK to admit your mistakes :^)
Your parents sure did
>>51951051
Wait does it matter what display manager or lack of? I am not reading this shit someone tell me
>>51951442
The lock screen for grub, if you use a password for it
>immediately bypasses the lock screen, initiates the "Grub rescue shell"
>>51951427
>implying I'm the newfag who said no one uses grub
even I'm not that dumb, christ
>>51951368
>what lock screen?
It loads a grub rescue console, which you can use to mount the disk and open a shell as root, so I guess it technically bypasses the lockscreen.
>or are we talking about grub password?
Nope. Doesn't do anything if there's a password
It's entirely stupid and the media is just having a field day with this by copying articles off each other stemming from one original shitty one.
>>51951469
So you do agree that the guy that said that nobody uses grub2 is retarded?
And you must agree if something similar existed for whatever WIndows' bootloader is that you Linux users would never shut up about it?
>>51951051
>grub
use something sane like syslinux next time
>>51951462
Tak
>>51951427
I'm >>51951403, here's your proof (see filename)
Try again, faggot
>>51951505
Yes to both, this is /g/. idgaf how this became neo-/g/, but i remember the good old days when Winfags and Macfags were not tolerated
>>51951547
>Winfags and Macfags were not tolerated
>Mommy, those people use different things than me, make them stop :(((
You right now
>not using syslinux
>2015
enjoy your bloated bootloader and blank screen at boot
>>51951051
Pretty sure you could do the same thing by booting from a Linux USB and then mounting the drives.
Or, since you have physical access, just take out the drive and put it in another computer.
Full disk encryption will prevent this, which you should be using anyway.
>>51951577
>implying I care what other use
Christ, these winter break faggots sure have sure gotten aggresive
How is this any less secure than the windows bootloader allowing you to start up in Safe Mode or the OS X bootloader allowing you to start in Single User Mode?
>>51951604
>>implying I care what other use
So why are you moaning so loudly about people that don't use Linux browsing /g/
Yawn. Come on guys.
At the end of the day, if you have physical access to a box only encryption can save you. Linux or windows, doesn't matter.
Irrespective of this bug, if you have physical access to a box you can boot from a USB stick and mount the disk from there. Failing that, just turn the server off, whip out the disk and use a USB/data connector to pull off the data.
I'm not going to turn around and say this vuln is trivial, but let's not pretend its a huge issue either. Heartbleed was 10000 times worse.
>>51951647
This
Doesn't the security community automatically consider the machine vulnerable once the "attacker" gets physical access?
>>51951577
>>51951629
>Mommy, I fed the botnet and I'm posting on a board that's trying to stop them, why are they laughing at me
You right now
>>51951689
>a board that's trying to stop them
but according to that guy it's no longer trying to do this
>>51951176
Lots of people use grub, nobody uses it for authentication because it's a literally useless feature.
>>51951703
Yeah, he'll just jack the disk and use it back at his place
>>51951703
Would just taking the power cable be enough?
I doubt pro hax0rs are carrying power cables with them
>>51951609
It isn't.
This is going to be a fun christmas from all the children who are going to shit up the board more than it already is.
>implying i don't lilo
slackware ftw
>>51951259
Yes they do.
>B-But you're not holding your iPhoneâ„¢ at the right angle for the call.
>>51951604
>winter break faggots
Most of Australia is on school break now
>>51951051
>Requires physical access
>Vulnerability
Fuck off MS shill
>>51951051
>boot windows
>select safe mode option
>get in without a password
wintards?
>>51952595
pls no bully
>>51951051
1. this only defeats grub, it doesn't allow anyone to circumvent the usual user login or even encryption
2. almost nobody uses this grub feature because it is pointless
3. the attacker needs physical access
4. it's already patched
>>51952560
>vulnerability
>all the time
>b-b-ut we can r-read the c-code
fuck off open sores tard
i tryed to install a linux and the installer said something about floppy disks. SMh NOPE. this is the year 2015. how people use this depreciated CRAP is beyond me
>>51951051
>replace osk.exe with cmd.exe
>open onscreen keyboard on the login screen
>net user administrator qwerty
>log in with administrator qwerty
Nutella?
>>51952700
>replace osk.exe with cmd.exe
>open the cmd shell on the login screen
>logged in as system i.e root
wintards?
>>51951051
Original OP here
Fuck you attention whore!!
I posted this way before you.
GTFO
>>51951051
It's a bug in the bootloader's menu.
Linux has nothing to do.
Don't feed the retard.
>>51952700
I've done this with the accessibility options executable, actually helped me get back in when I first got my laptop and forgot my password
This.... Is not functionality anyone uses. I have literally never seen a password protected bootloader. I didn't even know this was a thing.
What if Windows had a vulnerability like this? Well we'd still be wondering who the hell is using a password protected bootloader
Also
>log in
Booting the computer up is not logging in..... this doesn't get you into an account. It turns it on
>>51954119
>What if Windows had a vulnerability like this?
It does
Oh I see the confusion now. A "rescue shell" in GRUB is not a shell. It just brings up a shell built into the bootloader that lets you temporarily make changes to the boot settings and boot with them. It's not a real shell
>>51954146
There's no Windows equivalent to this, a password protected bootloader is a really weird thing
>using grub
lmao
Seriously though, it's an issue and I hope it's fixed across all distros and upstream soon if it hasn't been already. I like rEFInd though, which I'm sure is riddled with bugs
>>51951484
>media is just having a field day with this by copying articles off each other stemming from one original shitty one.
Welcome to the real world. 90% of all articles are copies of other articles.
>>51954234
>it's an issue
It isn't. Most people don't password protect GRUB in order to prevent intruders from accessing recovery mode, the same way no one ever asked for the windows bootloader to be password protecting. Anyone can access safemode on Windows without a password and no one is writing articles about it.
>>51954595
Oh, I thought it pulled up like an emergency system shell, not a grub shell. It's literally nothing then.
>>51951232
But it's just as easy to break into windows if you boot into linux.If anyone gains physical access to your system you are basically fucked. That's why in all those cool hacker movies you see them breaking into some super secret and secure compound to press backspace 28 times.
>>51954642
A grub shell can be used to mount a filesystem and access files arbitrarily.
>>51954985
So can running another OS from a live CD
What's your point?
>>51955039
It's no more "nothing" than opening a system shell
>>51955065
Both are equally nothing
>>51955082
I didn't say otherwise. >>51954642's use of "then" implies that being able to open a system shell is worse than a grub shell
>>51951051
>bypassing the bootloader password is the same as logging into a system
What worries me the most is how badly this is being reported.
If a malicious user has physical access to a system, they've already won. This bug doesn't allow you to log into a Linux PC, it just bypasses a GRUB password. Know how else you could bypass a GRUB password? Put in a LiveCD/LiveUSB and boot from that.
If you actually want security on your PC, you need full disk encryption, which would prevent this attack. Even then you'll still lose if a malicious user has physical access, because they just need to slip a hardware keylogger (which are very cheap and available) on your keyboard.
>>51951201
>embedded instances of linux using grub
Just fucking end yourself.
>>51955165
An embedded linux device would use grub as a bootloader, fucking retard loonix fag playing damage control.
So if you have physical access to the machine you can enter a recovery mode without knowing the password? So just like Windows and OS X?
The only difference is that this is a bug that has since been patched, while on Windows and OS X it's intended behavior.
>>51956385
No it fucking wouldn't.
GRUB is too fucking bloated for use on an embedded system.
>>51951051
I'm more interested in this security research that uncovered the "bug"
>>51951051
>The bug isn't a huge threat -- I mean, a hacker would need physical access to your machine in order to exploit it -- especially now that Ubuntu, Red Hat, and Debian all have released patches.
I wish you Winretards would at least read articles you post. But I guess reading is too hard.
>>51956698
Someone mistyping their password and getting distracted while holding backspace.
>>51956696
this. >>51956385 is retarded
>>51951051
>you can break into a computer that doesn't have FDE if you have physical access
Oh nooooo.
Wait, there are already tons of ways to do this.
People who fall for this meme really are /v/ children.
>>51951232
>Imagine the outcry if Windows had a similar vulnerability, you fags would never shut up about it
>I have to shitpost because the people who dislike things that I like also shitpost
If this is why you shitpost, you're the reason why /g/ is awful. You don't have to participate in the retarded shitposting arms race between Windows and Linux users.
>>51957287
how else to draw them into the mac master race
>>51951051
Slackware master race reporting in. That feeling when you use lilo.
