Re: CRIME Microsoft Windows XP question

From: Shaun Savage (savages@private)
Date: Thu Jan 02 2003 - 19:08:09 PST


    
    If the boot sequence requires a 'password' within the OS to access the OS,
    then even if someone boots the machine with evil in their head, the OS
    will not decrypt itself without the correct password.  This is easily
    done with a modified init program.
    
    The object is to protect the password file and other boot programs/data.
    If they are encrypted with only one way to access them then you may
    lose data but the system would be safe.
    
    I use a USB key that init reads.
    
    Shaun
    
    
    Crispin Cowan wrote:
    | Shaun Savage wrote:
    |
    |> Even though Linux is not totally secure, it is an order of magnitude
    |> better than any MSwindows product.  By using SELinux, (which is free)
    |> or WireX (which is good), a person can improve security where social
    |> engineering is the only feasible way.
    |
    |
    | While I appreciate the praise, neither Immunix nor SELinux provide
    | security against physical access. The problem is below the operating
    | system, in the BIOS: by default, the hardware/BIOS looks at removable
    | media (floppy, CD, DVD) ahead of looking at the hard drive to boot from.
    | To 0wn the machine, just insert a malicious disk and reboot.
    |
    |> Open Source Linux Rules
    |
    |
    | Linux, security-enhanced or not, is subject to the same threat.
    |
    | To prevent this attack, while also offering physical access (i.e. in a
    | public kiosk or a school lab) you have to physically block the removable
    | media. For instance, you remove the CD and floppy drives from the
    | machine, and then encase the whole box in a locked cabinet so the
    | attacker can't install their own drives.
    |
    | Protecting a home PC from your kids is flat out impossible. If it still
    | is important to have this protection, get a door lock.
    |
    | Crispin
    
    
    --
    savages@private
    GPG = B527 8F72 BAFA D490 6B30  6885 9FA2 34E8 EA73 F975
    Public key at  http://www.savages.net/gpg/savages
    
    



    This archive was generated by hypermail 2b30 : Thu Jan 02 2003 - 23:36:25 PST
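
One way the "USB key that init reads" idea from the message above could look as an early-boot hook. This is an added example, not Shaun's actual init code. It assumes a LUKS volume unlocked with cryptsetup; the label, keyfile name, device path and key size are hypothetical.

```shell
#!/bin/sh
# Early-boot unlock sketch: fail closed unless a valid keyfile is found on
# removable media. All names below are assumptions, not taken from the post.
KEY_LABEL="BOOTKEY"     # hypothetical filesystem label of the USB key
KEY_NAME="root.key"     # hypothetical keyfile name on that filesystem
ROOT_DEV="/dev/sda2"    # hypothetical encrypted root partition
KEY_BYTES=64            # expected keyfile size in bytes
KEY_MNT="/run/bootkey"  # hypothetical mount point for the key device

# Accept a keyfile only if it is a regular, non-symlink file of the exact size.
validate_keyfile() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(wc -c < "$1" | tr -d ' ')" -eq "$KEY_BYTES" ] || return 1
}

# Mount the labelled key device read-only and print the keyfile path.
locate_keyfile() {
    dev=$(blkid -L "$KEY_LABEL") || return 1
    mkdir -p "$KEY_MNT"
    mount -o ro,nosuid,nodev,noexec "$dev" "$KEY_MNT" || return 1
    validate_keyfile "$KEY_MNT/$KEY_NAME" || { umount "$KEY_MNT"; return 1; }
    echo "$KEY_MNT/$KEY_NAME"
}

# Unlock the root volume; return non-zero so the caller can stop the boot.
unlock_root() {
    key=$(locate_keyfile) || return 1
    rc=0
    cryptsetup open --type luks --key-file "$key" "$ROOT_DEV" cryptroot || rc=$?
    umount "$KEY_MNT"   # the key device is not needed once the volume is open
    return "$rc"
}

# Run only when invoked as the boot hook, not when sourced for testing.
if [ "${1:-}" = "--boot" ]; then
    unlock_root || { echo "no valid key: root stays encrypted" >&2; exit 1; }
fi
```

Without the key device the hook exits non-zero and the root volume stays encrypted, which is the "may lose data but the system would be safe" trade-off described in the message.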