This "exploit" requires physical access to the machine. Quite frankly, if an attacker has physical access to your machine, you've got problems. Linux boot disks can be used to "attack" linux systems just as easily. It's NOT a deficiency in the file system. Two things I always do to prevent this: 1. Set the boot order such that only the hard drive is in the boot sequence. (This also prevents a lot of viruses on DOS and Win systems in the business environment.) 2. Password-protect the BIOS (administrator password) This *still* does not protect absolutely against an attacker who has physical access to the machine, but it does force them to open the case to do it. (By resetting the BIOS by shorting the jumper, or temporarily removing the hard-drive to a machine they have root/administrator access on.) There's nothing new or unique about this sort of attack. Michael J. Sheldon Internet Applications Developer Phone: 480.699.1084 http://www.desertraven.com/ PGP Key Available on Request -----Original Message----- From: plug-discuss-admin@lists.PLUG.phoenix.az.us [mailto:plug-discuss-admin@lists.PLUG.phoenix.az.us]On Behalf Of Lucas Vogel Sent: Tuesday, February 22, 2000 06:45 To: plug-discuss@lists.PLUG.phoenix.az.us Subject: Re: Article in recent 2600 mag Kevin Brown wrote: > > I don't know how many of you guys/gals read 2600, but in the most recent issue > that I picked up (V 16, #4) are several articles for using Linux to "break > into"/"Gain access to" NTFS partitions using the floppy distro Trinux. It talks > about both the positive side (getting access to back up data after a fatal > crash) and the negative side (getting access for devious/malicious purposes). > It is an interesting article and should be nice info for those of us who, > *shudder*, work on NT systems with NTFS partitions. > Before I start shuddering, may I ask-is this the only filesystem that has this kind of available exploit? -- Lucas Vogel lucas7@home.com ICQ: 44697169 _______________________________________________ Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss