Article in recent 2600 mag

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: MikeSheldonmsheldon@desertraven.com
Date:  
Subject: Article in recent 2600 mag
This "exploit" requires physical access to the machine. Quite frankly, if an
attacker has physical access to your machine, you've got problems. Linux
boot disks can be used to "attack" linux systems just as easily. It's NOT a
deficiency in the file system.

Two things I always do to prevent this:
1. Set the boot order such that only the hard drive is in the boot
sequence. (This also prevents a lot of viruses on DOS and Win systems in the
business environment.)
2. Password-protect the BIOS (administrator password)

This *still* does not protect absolutely against an attacker who has
physical access to the machine, but it does force them to open the case to
do it. (By resetting the BIOS by shorting the jumper, or temporarily
removing the hard-drive to a machine they have root/administrator access
on.)

There's nothing new or unique about this sort of attack.

Michael J. Sheldon
Internet Applications Developer
Phone: 480.699.1084
http://www.desertraven.com/
PGP Key Available on Request

-----Original Message-----
From:
[mailto:plug-discuss-admin@lists.PLUG.phoenix.az.us]On Behalf Of Lucas
Vogel
Sent: Tuesday, February 22, 2000 06:45
To:
Subject: Re: Article in recent 2600 mag


Kevin Brown wrote:
>
> I don't know how many of you guys/gals read 2600, but in the most recent

issue
> that I picked up (V 16, #4) are several articles for using Linux to "break
> into"/"Gain access to" NTFS partitions using the floppy distro Trinux. It

talks
> about both the positive side (getting access to back up data after a fatal
> crash) and the negative side (getting access for devious/malicious

purposes).
> It is an interesting article and should be nice info for those of us who,
> *shudder*, work on NT systems with NTFS partitions.
>


Before I start shuddering, may I ask-is this the only filesystem that
has this kind of available exploit?


--
Lucas Vogel

ICQ: 44697169


_______________________________________________
Plug-discuss mailing list -
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss