
How to hack any Linux machine just using backspace


RV_


Check your systems easily. 28 backspaces.

 

Excerpt:

 

"A rather embarrassing bug has been discovered which allows anyone to break into a Linux machine with ease.

 

If you press the backspace key 28 times on a locked-down Linux machine you want to access, a Grub2 bootloader flaw will allow you to break through password protection and wreak havoc in the system.

 

Researchers Hector Marco and Ismael Ripoll from the Cybersecurity Group at Universitat Politècnica de València recently discovered the vulnerability within GRUB, the bootloader used by most Linux distros.

 

The researchers discovered the flaw within GRUB2, of which versions 1.98 to 2.02 are affected. These versions were released between 2009 and today, which makes the vulnerability a long-standing and serious problem.

 

In a security advisory, Marco and Ripoll said the bootloader is used by most Linux distributions, resulting in an "incalculable number of affected devices."

 

The full article with links can be found here: http://www.zdnet.com/article/how-to-hack-any-linux-machine-just-using-backspace/?tag=nl.e539&s_cid=e539&ttag=e539&ftag=TRE17cfd61

RV/Derek
http://www.rvroadie.com Email on the bottom of my website page.
Retired AF 1971-1998


When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius

 

“Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire


This security flaw was announced on December 14th. My log of updates shows that I received the fix on December 16th (the same day the PCWorld article was published). Considering that someone would have to have physical access to my computer and the flaw was patched within two days, I think this vulnerability has been blown WAY out of proportion.

 

Screaming headlines make good click bait to increase page hits though. :D:lol::P

 

Safe Travels...

Roger, K4RS and Toni, K1TS
Amateur Radio Operators - Motorcycle Riders (Harley Davidson Tri-Glide Ultra)

Fulltime from 2003-2016 - Now longtime RVers

On the road, living the dream...
Ford F-250 Super Duty 7.3 liter diesel and Forest River XLR Toyhauler. 

Position report via amateur radio

 


The vulnerability was there for six years. Access vulnerabilities don't count if a locked machine can only be accessed physically? Then why bother to patch it? No need.


RV/Derek
http://www.rvroadie.com Email on the bottom of my website page.
Retired AF 1971-1998


When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius

 

“Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire


Something like that. I think the Linux folks are inordinately sensitive. One of them if you remember was the biggest "EVs won't be produced" poster here calling the Tesla "Vaporware" ;)

RV/Derek
http://www.rvroadie.com Email on the bottom of my website page.
Retired AF 1971-1998


When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius

 

“Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire


Check your systems easily. 28 backspaces.

 

Excerpt:

 

"A rather embarrassing bug has been discovered which allows anyone to break into a Linux machine with ease.

 

If you press the backspace key 28 times on a locked-down Linux machine you want to access, a Grub2 bootloader flaw will allow you to break through password protection and wreak havoc in the system.

 

Researchers Hector Marco and Ismael Ripoll from the Cybersecurity Group at Universitat Politècnica de València recently discovered the vulnerability within GRUB, the bootloader used by most Linux distros.

 

The researchers discovered the flaw within GRUB2, of which versions 1.98 to 2.02 are affected. These versions were released between 2009 and today, which makes the vulnerability a long-standing and serious problem.

 

In a security advisory, Marco and Ripoll said the bootloader is used by most Linux distributions, resulting in an "incalculable number of affected devices."

 

The full article with links can be found here: http://www.zdnet.com/article/how-to-hack-any-linux-machine-just-using-backspace/?tag=nl.e539&s_cid=e539&ttag=e539&ftag=TRE17cfd61

 

 

MERRY CHRISTMAS RV...........from the barely 1 % of desktop / notebook users..........Us "FEW" "L-Heads" don't do patches..........heck 28 backspaces iz 2 BiG a number fer uz ta deeel wid.........bee-sidz.....Whoo-in-tarnation wood wana git inn R puttter.......shukzz it jus gott thad theeer "L-OS' Sovware inn itt........

 

Hugzz-N-Kissezzz RV

97 Freightshaker Century Cummins M11-370 / 1350 /10 spd / 3:08 /tandem/ 20ft Garage/ 30 ft Curtis Dune toybox with a removable horse-haul-module to transport Dolly-The-Painthorse to horse camps and trail heads all over the Western U S


Oh for Pete's sake! I use both Linux and Windows... Windows has security bugs that haven't been patched in many years that don't require physical access. Get over it...

 

"Security researchers have unearthed a serious security flaw in all supported versions of Windows that could let hackers steal users’ credentials from computers, tablets or servers running any version of Windows operating system, including the as-yet-released Windows 10."
"This vulnerability in Windows was first discovered 20 Years ago:"
"The critical bug, dubbed "Redirect to SMB," is a variant of a vulnerability found in Windows by researcher Aaron Spangler nearly 18 years ago that caused Windows to expose a user's Windows username and password automatically."

Dutch
2001 GBM Landau 34' Class A
F-53 Chassis, Triton V10, TST TPMS
2011 Toyota RAV4 4WD/Remco pump
ReadyBrute Elite tow bar/brake system


Thanks Dutch,

If I hadn't known that would be good to know last April. No claims that your post is hype, and it isn't.

 

Windows users know that the patches we need will be there just as Roger's was patched. We don't claim every vulnerability found is FUD. Heck, I don't remember ever being that insecure about a Windows vulnerability I felt the need to jump on the poster. But that's me.

 

I post vulnerabilities about Apple and Windows regularly too. I won't be shouted down by two or now three. If you guys don't like reading about vulnerabilities then don't read them. I believe some folks think I target them. The truth is that they are of no concern to me.

 

Running up post counts? Man, that is a first. I guess it is a concern for some that bring it up. If I wanted that I would just do a million one and two liners.

 

Do you use a distro that already patched it and allow automatic updates? If so great! The post did what it was supposed to do. :)

 

Happy Holidays!

RV/Derek
http://www.rvroadie.com Email on the bottom of my website page.
Retired AF 1971-1998


When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius

 

“Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire


Derek, my post was meant to point out that long term bugs are not unique to any one OS, and there's no reason to jump on anyone for posting a notice about one. With the deep market penetration of OS's using the Linux, NT, and to a lesser extent XNA kernels, there will always be bugs to be discovered by researchers and swatted down by OS developers. Keep on reporting them as they become known.

Dutch
2001 GBM Landau 34' Class A
F-53 Chassis, Triton V10, TST TPMS
2011 Toyota RAV4 4WD/Remco pump
ReadyBrute Elite tow bar/brake system


RV: I love it when you post security issues with other OSs than Windows. Their usual defense is "that is not an issue because -----" and "Windows has many more issues".

For the uninformed, a lot of security issues in Windows are caused by overruns in an area of code such as the one in Linux. So saying "who would do that" misses the point. Remember, someone did exactly that.


RV, I hope you don't think I was saying you were out of line. Heck, I appreciate the heads up. It was the articles linked to that I thought were over hyping the issue. Bugs are found and patched all the time in all operating systems.

 

Safe Travels...

Roger, K4RS and Toni, K1TS
Amateur Radio Operators - Motorcycle Riders (Harley Davidson Tri-Glide Ultra)

Fulltime from 2003-2016 - Now longtime RVers

On the road, living the dream...
Ford F-250 Super Duty 7.3 liter diesel and Forest River XLR Toyhauler. 

Position report via amateur radio

 


Archived

This topic is now archived and is closed to further replies.
