On Mon, Oct 19, 1998 at 09:51:43AM +0100, Paul Crowley wrote:
> George Bonser <[EMAIL PROTECTED]> writes:
> > My problem with encrypted filesystems is that if you loose the key, you
> > might as well mkfs the drive.
>
> There are ways around this. You could, for example, break the key
> into five
George Bonser <[EMAIL PROTECTED]> writes:
> My problem with encrypted filesystems is that if you loose the key, you
> might as well mkfs the drive.
There are ways around this. You could, for example, break the key
into five pieces using a secret sharing scheme and put them in five
different secur
-> >Basic Unix Secruity 101 - If the person has physical access to the
-> >machine, there *IS* *NO* *SECURITY*. Want proof?
-> >
-> >I pop the HD out, place it as slave on my machine, mount what I want,
end
-> >of story. Before this thread goes any further I recommend that anyone who
->
On 12 Oct 98 21:21:48 GMT, "Steve Lamb" <[EMAIL PROTECTED]>
wrote:
>Basic Unix Secruity 101 - If the person has physical access to the
>machine, there *IS* *NO* *SECURITY*. Want proof?
>
>I pop the HD out, place it as slave on my machine, mount what I want, end
>of story. Before this thr
On 10/12/98 at 08:30 AM, "Helge Hafting" <[EMAIL PROTECTED]>
said:
>Most x86 pc's can be set to boot from harddisk *only*, with a password-
>protected bios. This means the machine is safe as long as people don't
>remove the cover.
Unless of course the BIOS accepts the tech support password. And
[EMAIL PROTECTED] writes:
> It's a matter of threat assessment and the value of what you are
> protecting. We can get paranoid and put gun towers on every corner of our
> homes because someone might want to interrupt power and communications to
> our personal linux server. Recently, I was reading
Helge Hafting <[EMAIL PROTECTED]> writes:
> How to avoid this? Shielded equipment, or simply a machine
> without a video card. Displaying only non-sensitive data
> is safe too of course.
There is also a software solution for preventing radiating data by
this way (See comp.risks, I think, look f
Michael Beattie <[EMAIL PROTECTED]> writes:
> other=/dev/hda1
> label=Win
> loader=/boot/chain.b
> table=/dev/hda
> [end]
This means a malicious person will be able to download the ext2 driver
in Win95 (if it is running) and the person will be able to read
shadow.
--
[EMAIL PRO
When Steve Lamb wrote, I replied:
>
> On Mon, 12 Oct 1998 14:58:39 +0100, Ralf G. R. Bergs wrote:
>
> >>This is a security hole ONLY if someone has access to the machine
> >>itself.
These techniques are useable on any computer running any operating
system
not just Linux or UNIX. Physical access
On Mon, 12 Oct 1998 14:58:39 +0100, Ralf G. R. Bergs wrote:
>>This is a security hole ONLY if someone has access to the machine
>>itself.
>This is not exactly uncommon, especially in computer labs.
Basic Unix Secruity 101 - If the person has physical access to the
machine, there *IS* *NO* *S
On Mon, 12 Oct 1998 05:21:25 -0700 (PDT), Kenneth Scharf wrote:
>This is a security hole ONLY if someone has access to the machine
>itself.
This is not exactly uncommon, especially in computer labs.
>>What's wrong with giving LILO a kernel command line of "init=/bin/sh"?
>This way
>>you boot st
This is a security hole ONLY if someone has access to the machine
itself. I bet many UNIX machines have a similar problem. Thats why
I've seen PDP mini computers where the power switch was under lock and
key, and the front panel on these machines was also lockable. Most
PC's used to have a keybo
In <[EMAIL PROTECTED]>, on 10/11/98
at 01:15 AM, Marcus Brinkmann <[EMAIL PROTECTED]>
said:
[...]
>However, I said that the power chord should be removed. the reason is
>that I think you can get the monitor screen, user input etc from
>radiation led through the power chord. This may be hard
In <[EMAIL PROTECTED]>, on 10/10/98
at 01:13 PM, Shaleh <[EMAIL PROTECTED]> said:
>But people can always yank the power cord. Follow Paul's advice -- make
>the machine physically in-accessible. Lock it, fence it in, whatever.
>Locking racks is also nice. That way people can't even see the
On Sat, Oct 10, 1998 at 01:13:17PM -0400, Shaleh wrote:
> But people can always yank the power cord. Follow Paul's advice -- make the
> machine physically in-accessible. Lock it, fence it in, whatever. Locking
> racks is also nice. That way people can't even see the machine, just a big
> cabin
On Sat, 10 Oct 1998, Shaleh wrote:
> But people can always yank the power cord. Follow Paul's advice -- make the
> machine physically in-accessible. Lock it, fence it in, whatever. Locking
> racks is also nice. That way people can't even see the machine, just a big
> cabinet.
>
> What if it i
But people can always yank the power cord. Follow Paul's advice -- make the
machine physically in-accessible. Lock it, fence it in, whatever. Locking
racks is also nice. That way people can't even see the machine, just a big
cabinet.
What if it is a workstation in a lab? Then disable as much
>
> ANOTHER REASON TO PLACE THE SERVERS IN A PHYSICALLY SECURE LOCATION:
>
> I was having an important discussion with a customer that I built a linux
> server for. He brought his young child with him to his office that
> evening. The child behaves very poorly. Guess what button he pressed? The
>
Marcus is absolutely right.
SERVERS:
This is a common misconception. People need to realize that physical
security is required. Place the servers behind locked doors. Disk
controllers which provide encryption/decryption (without performance
penalty) cost extra money. Soft encryption would defini
On Sat, Oct 10, 1998 at 11:26:30AM +0200, Norbert Nemec wrote:
> On Sat, 10 Oct 1998 10:42:52 +0100, Ralf G. R. Bergs wrote:
>
> >On Sat, 10 Oct 1998 00:52:49 -0700 (PDT), George Bonser wrote:
> >
> >[...]
> >>ALlow me to translate. Boot the rescue disk as if you are installing,
> >[whole story d
On Sat, 10 Oct 1998, Norbert Nemec wrote:
> On Sat, 10 Oct 1998 10:42:52 +0100, Ralf G. R. Bergs wrote:
>
> >On Sat, 10 Oct 1998 00:52:49 -0700 (PDT), George Bonser wrote:
> >
> >[...]
> >>ALlow me to translate. Boot the rescue disk as if you are installing,
> >[whole story deleted]
> >
> >Hey g
On Sat, 10 Oct 1998 10:42:52 +0100, Ralf G. R. Bergs wrote:
>On Sat, 10 Oct 1998 00:52:49 -0700 (PDT), George Bonser wrote:
>
>[...]
>>ALlow me to translate. Boot the rescue disk as if you are installing,
>[whole story deleted]
>
>Hey guys, why so complicated???
>
>What's wrong with giving LILO a
On Sat, 10 Oct 1998 00:52:49 -0700 (PDT), George Bonser wrote:
[...]
>ALlow me to translate. Boot the rescue disk as if you are installing,
[whole story deleted]
Hey guys, why so complicated???
What's wrong with giving LILO a kernel command line of "init=/bin/sh"? This way
you boot straight in
On Sat, 10 Oct 1998, Marcus Brinkmann wrote:
> On Sat, Oct 10, 1998 at 02:09:27PM +1000, Clement wrote:
> > Hi,
> >
> > I lost the root passwd on a machine. Can someone give me a hand to
> > re-establish a new one? I lost the procedures somewhere.
>
> Boot with a boot floppy (the rescue disk).
On Sat, Oct 10, 1998 at 02:09:27PM +1000, Clement wrote:
> Hi,
>
> I lost the root passwd on a machine. Can someone give me a hand to
> re-establish a new one? I lost the procedures somewhere.
Boot with a boot floppy (the rescue disk). Kill the passwd form /etc/passwd
or /etc/shadow if you have
Hi,
I lost the root passwd on a machine. Can someone give me a hand to
re-establish a new one? I lost the procedures somewhere.
Thank you very much.
Regards,
Clement
26 matches
Mail list logo
