Re: grub2 security problem

2015-12-20 Thread Anders Andersson
On Sun, Dec 20, 2015 at 5:00 AM, David Christensen wrote: > > Another, additional, option is self-encrypting drives (SED), which are > operating system agnostic and protect the entire contents of drive with zero > CPU overhead. Emphasis on the word "additional" here.

Re: grub2 security problem

2015-12-20 Thread tomas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, Dec 20, 2015 at 04:08:30PM +0100, Anders Andersson wrote: > On Sun, Dec 20, 2015 at 5:00 AM, David Christensen > wrote: > > > > Another, additional, option is self-encrypting drives (SED), which are > > operating

Re: grub2 security problem

2015-12-20 Thread Gene Heskett
On Sunday 20 December 2015 09:51:04 to...@tuxteam.de wrote: > On Sun, Dec 20, 2015 at 04:08:30PM +0100, Anders Andersson wrote: > > On Sun, Dec 20, 2015 at 5:00 AM, David Christensen > > > > wrote: > > > Another, additional, option is self-encrypting drives (SED),

Re: grub2 security problem

2015-12-20 Thread Pascal Hambourg
David Christensen a écrit : > > A good defense against an attacker with physical access is LUKS > encryption on all partitions except /boot. Ecryption alone does not protect agains attack scenarios involving /boot tampering.

Re: grub2 security problem

2015-12-19 Thread Joe Pfeiffer
Michael Fothergill writes: > Dear Folks, > > I noticed some articles suggesting that there is a security problem in > grub2. > > E.g. > > http://thehackernews.com/2015/12/hack-linux-grub-password.html > > ​Is there any substance to this? Yes, for the

Re: grub2 security problem

2015-12-19 Thread David Christensen
On 12/19/2015 08:59 AM, Joe Pfeiffer wrote: Michael Fothergill writes: I noticed some articles suggesting that there is a security problem in grub2. E.g. http://thehackernews.com/2015/12/hack-linux-grub-password.html ​Is there any substance to this? Yes,

Re: grub2 security problem

2015-12-19 Thread Joe
On Sat, 19 Dec 2015 09:35:57 + Michael Fothergill wrote: > Dear Folks, > > I noticed some articles suggesting that there is a security problem in > grub2. > > E.g. > > http://thehackernews.com/2015/12/hack-linux-grub-password.html > > ​Is there any

Re: grub2 security problem

2015-12-19 Thread Brad Rogers
On Sat, 19 Dec 2015 09:35:57 + Michael Fothergill wrote: Hello Michael, >​Is there any substance to this? ​ Yes, but it's been rectified. See for the full security announcement.

Re: grub2 security problem

2015-12-19 Thread Michael Fothergill
On 19 December 2015 at 11:50, Brad Rogers wrote: > On Sat, 19 Dec 2015 09:35:57 + > Michael Fothergill wrote: > > Hello Michael, > > >​Is there any substance to this? > ​ > Yes, but it's been rectified. See >

grub2 security problem

2015-12-19 Thread Michael Fothergill
Dear Folks, I noticed some articles suggesting that there is a security problem in grub2. E.g. http://thehackernews.com/2015/12/hack-linux-grub-password.html ​Is there any substance to this? Regards Michael Fothergill ​

Re: grub2 security problem

2015-12-19 Thread Teemu Likonen
Michael Fothergill [2015-12-19 09:35:57Z] wrote: > I noticed some articles suggesting that there is a security problem in > grub2. > http://thehackernews.com/2015/12/hack-linux-grub-password.html > > ​Is there any substance to this? Didn't check myself but it seems so: