Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Linux, BSD, and Unix are fundamentally insecure.

3 views
Skip to first unread message

Mike Cox

unread,
Sep 10, 2004, 12:00:34 AM9/10/04
to
An opensource consultant visited my workplace recently and was
upstaged by my MCSEs. The consultant went over my head and made a
sales call to the owner of the company who decided to see a demo of
the various flavors of *nix. My boss was interested due to the
consultant's claims of a lower total cost of ownership and more
security.

When this consultant showed up, my MCSEs were ready to show how much
more powerful and bulletproof Windows is compared to Linux/BSD/UNIX.
When the consultant was done with the demo, my MCSE, Scott, went up to
the Linux box, and did the following:

linux init=/bin/sh
mount -o remount -rw /
mount /proc
passwd
mount -o remount -ro /
umount /proc

When Scott rebooted the machine, he typed in the new root password and
was in. The consultants jaw dropped, my boss laughed, and will now
trust my MCSE's judgement in all things related to IT in the company.

Free Code

unread,
Sep 10, 2004, 12:22:27 AM9/10/04
to

So, one poor consultant makes a decision for your company? I would have
been impressed except your MCSE did a parlour trick and nothing more. Had
you had something to explain about a real problem that cannot be stopped,
I might listen.

Instead, it's just a sad comment of an astroturfer.

Have a nice day.

freecode

GreyCloud

unread,
Sep 10, 2004, 12:31:10 AM9/10/04
to

Sounds like you have a load in your pants too. Go put whineblowz on the
internet and see how many viruses and worms it gets. Your cost of
ownership just shot up off the charts. UNIX doesn't have this costly
problem. Better yet, ask your stupid MSCE just how much M$ cost the IT
industry in damages. Like its over $2billion. No o/s ever caused this
much damage except M$.

--
---------------------------------
The Golden Years Sux.

Ralph

unread,
Sep 10, 2004, 12:45:28 AM9/10/04
to
Mike Cox wrote:

> An opensource consultant visited my workplace recently and was
> upstaged by my MCSEs. The consultant went over my head and made a
> sales call to the owner of the company who decided to see a demo of
> the various flavors of *nix. My boss was interested due to the
> consultant's claims of a lower total cost of ownership and more
> security.
>
> When this consultant showed up, my MCSEs were ready to show how much
> more powerful and bulletproof Windows is compared to Linux/BSD/UNIX.
> When the consultant was done with the demo, my MCSE, Scott, went up to
> the Linux box, and did the following:
>
> linux init=/bin/sh

How did you get past the password? Really, if you are going to harp on this
one, try:

linux 1

if that fails, try

linux single

> mount -o remount -rw /
> mount /proc
> passwd
> mount -o remount -ro /
> umount /proc

Hell of a lot of work when just passwd would do. That is IF you actually
knew what you were doing.

>
> When Scott rebooted the machine, he typed in the new root password and
> was in. The consultants jaw dropped, my boss laughed, and will now
> trust my MCSE's judgement in all things related to IT in the company.

Shitty consultant. He didn't know the first thing about securing linux.

Make lilo.conf readable only by root and add the lines

password=<password>
restricted

run the command lilo

Issue taken care of.


--
By popular demand, it's back to "more Mutt Nut Logic": based on a Netcraft
stat that showed Debian a distant second most deployed Linux distribution
web server platform mutt nuts claim Debian is most popular Linux
distribution and that some how showed Mutt's wide use. And they call ME
crazy!!

Panama Red

unread,
Sep 10, 2004, 1:21:57 AM9/10/04
to
I believe it was Mike Cox who said...

One time I showed up all the MCSEs at work by clubbing the fuck out of
one of their windows servers with an ordinary office chair.

Hamilcar Barca

unread,
Sep 10, 2004, 1:25:43 AM9/10/04
to
In article <3d6111f1.04090...@posting.google.com> (Thu, 09 Sep

2004 21:00:34 -0700), Mike Cox wrote:

> When Scott rebooted the machine, he typed in the new root password and
> was in. The consultants jaw dropped, my boss laughed, and will now
> trust my MCSE's judgement in all things related to IT in the company.

Your story is surprisingly uninteresting and, to top it off, amazingly
fictitious.

--
"When we speak of Free Software, we are referring to freedom, not price."
-- Richard M. Stallman

cmad

unread,
Sep 10, 2004, 1:26:16 AM9/10/04
to
Mike Cox wrote:

> When this consultant showed up, my MCSEs were ready to show how much
> more powerful and bulletproof Windows is compared to Linux/BSD/UNIX.

$$$$$

> When the consultant was done with the demo, my MCSE, Scott, went up to
> the Linux box, and did the following:

And he had to first get past the initial password check to do that,
right? But in front of him he had a box, where he had root access. Of
course he could do the below, and many many others.

> linux init=/bin/sh
> mount -o remount -rw /
> mount /proc
> passwd
> mount -o remount -ro /
> umount /proc

Is it just me or did he do a "skills showoff"? 5/6 of the above commands
needn't have been typed.

> When Scott rebooted the machine, he typed in the new root password and
> was in. The consultants jaw dropped, my boss laughed, and will now
> trust my MCSE's judgement in all things related to IT in the company.

If you want to run Windows, run Windows; no one is stopping you.... But
believing that *nix is insecure because someone with root access to it
changed the password is quite funny.

Ralph

unread,
Sep 10, 2004, 1:37:40 AM9/10/04
to
cmad wrote:

> Mike Cox wrote:
>
>> When this consultant showed up, my MCSEs were ready to show how much
>> more powerful and bulletproof Windows is compared to Linux/BSD/UNIX.
>
> $$$$$
>
>> When the consultant was done with the demo, my MCSE, Scott, went up to
>> the Linux box, and did the following:
>
> And he had to first get past the initial password check to do that,
> right? But in front of him he had a box, where he had root access. Of
> course he could do the below, and many many others.
>
>> linux init=/bin/sh
>> mount -o remount -rw /
>> mount /proc
>> passwd
>> mount -o remount -ro /
>> umount /proc
>
> Is it just me or did he do a "skills showoff"? 5/6 of the above commands
> needn't have been typed.

If he was doing a "skills showoff" and typed 5 times the number of required
commands, I would say he failed. Any Linux/UNIX pro I know about sees the
skilled person as the person that uses the cleanest solution. Or the one
that comes up with the most useless use of cat:

http://tinyurl.com/4ss6z


Cancerous Jaw

unread,
Sep 10, 2004, 1:52:54 AM9/10/04
to
cmad wrote:

> If you want to run Windows, run Windows; no one is stopping you.... But
> believing that *nix is insecure because someone with root access to it
> changed the password is quite funny.

Why is it that Windopers never take that advice.

Here, go use Windopes and leave us alone.

Please, enjoy yourselves.

But no, they have to skank their way around us...

Message has been deleted

Cancerous Jaw

unread,
Sep 10, 2004, 1:58:05 AM9/10/04
to
Free Code wrote:

> So, one poor consultant makes a decision for your company? I would have
> been impressed except your MCSE did a parlour trick and nothing more. Had
> you had something to explain about a real problem that cannot be stopped,
> I might listen.

These M$ trolls are like the Japanese stranded on Pacific atolls after WWII
who never got word that the U.S. won. So, they continue to fight on for
decades.

Message to Trolls: The War is Over; Linux Won.


Cancerous Jaw

unread,
Sep 10, 2004, 2:00:24 AM9/10/04
to
Mike Cox wrote:

> When Scott rebooted the machine, he typed in the new root password and
> was in. The consultants jaw dropped, my boss laughed, and will now
> trust my MCSE's judgement in all things related to IT in the company.

Dropped? Sort of like a Neanderthal.

Please, stay in the "land that time forgot".

We are moving on: to Linux. The Future.

Peter Jensen

unread,
Sep 10, 2004, 2:41:07 AM9/10/04
to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mike Cox wrote:

> When this consultant showed up, my MCSEs were ready to show how much
> more powerful and bulletproof Windows is compared to Linux/BSD/UNIX.
> When the consultant was done with the demo, my MCSE, Scott, went up to
> the Linux box, and did the following:
>
> linux init=/bin/sh

[Snip]

Give it a rest, "Mike"! You already tried this troll at least three
times in the past (2 minutes of googling, can't be bothered to find more
examples, though I think there are):

06 Dec 2003: <3d6111f1.03120...@posting.google.com>
08 Dec 2003: <3d6111f1.03120...@posting.google.com>
10 Apr 2004: <c5ab8q$2obu7s$1...@ID-222658.news.uni-berlin.de>

You keep ignoring that you can encrypt both the boot loader and any
disks/partitions you want secured. Physical security is the hardest to
implement in the system, but it's quite possible with Linux, and I would
assume also with the other *nix variants. By default neither Linux nor
Windows implement physical security in the system, as it's resource
intensive and is usually handled with external policies instead. That
MCSE would never be allowed close to my computer, for instance, so he
would have some trouble typing those commands at the boot loader ...

[Followup-To: comp.os.linux.advocacy]

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBQUx/d1ZThqotgfgRAl58AKCcHTKqq0w+xwZGzrZA5qPL1qAmSwCgrUp+
UOjpx0LWY67KKu4z962niGs=
=bVza
-----END PGP SIGNATURE-----
--
PeKaJe

QOTD: "He's on the same bus, but he's sure as hell got a different ticket."

Donn Miller

unread,
Sep 10, 2004, 3:35:37 AM9/10/04
to
Mike Cox wrote:
> An opensource consultant visited my workplace recently and was
> upstaged by my MCSEs.

LOL! This is some of the funniest stuff I've seen in here. Of course
Cox has been trolling OpenBSD, saying it can't be secure because it
doesn't have ASP.NET.

Message has been deleted

Hacking Coff

unread,
Sep 10, 2004, 4:57:04 AM9/10/04
to
Mike Cox wrote:
> An opensource consultant visited my workplace recently and was
> upstaged by my MCSEs. The consultant went over my head and made a
> sales call to the owner of the company who decided to see a demo of
> the various flavors of *nix. My boss was interested due to the
> consultant's claims of a lower total cost of ownership and more
> security.
>
> When this consultant showed up, my MCSEs were ready to show how much
> more powerful and bulletproof Windows is compared to Linux/BSD/UNIX.

MCSE Lesson #1 - How to show that *nix is less secure than Windows.

MCSE Lesson #2 - How to show that *nix costs more than Windows.

MCSE Lesson #3 - How to troll COLA.

I think that about covers the MCSE course load.


> When the consultant was done with the demo, my MCSE, Scott, went up to
> the Linux box, and did the following:
>
> linux init=/bin/sh
> mount -o remount -rw /
> mount /proc
> passwd
> mount -o remount -ro /
> umount /proc
>
> When Scott rebooted the machine, he typed in the new root password and
> was in. The consultants jaw dropped, my boss laughed, and will now
> trust my MCSE's judgement in all things related to IT in the company.

I'm surprised the management didn't ask if there were measures that
could be taken to prevent this. I'm surprised the management didn't ask
if similar steps could be taken to compromise a Winders box.

Oh wait. No I'm not.

Rudolf Polzer

unread,
Sep 10, 2004, 5:48:12 AM9/10/04
to
»Mike Cox« <mikeco...@yahoo.com> wrote:
> When this consultant showed up, my MCSEs were ready to show how much
> more powerful and bulletproof Windows is compared to Linux/BSD/UNIX.
> When the consultant was done with the demo, my MCSE, Scott, went up to
> the Linux box, and did the following:
>
> linux init=/bin/sh
Password:

Yes, when using LILO, you should read the comments in lilo.conf.
Same goes for other boot loaders.

> mount -o remount -rw /
> mount /proc
> passwd
> mount -o remount -ro /
> umount /proc

BTW, there are similar tools for Windows - and reading data from NTFS is
even easier. Unless the BIOS setup is locked up...

but those who lock the BIOS to prevent booting from floppy/CD-ROM also
can lock up their boot loader.


--
/ --- Where bots rampage, I'm there to take them down! --- \
/ ------ Where trouble arises, I'm there to cause it! ------ \
\ Where an enemy tries to frag me, victory will be mine!!!1! /
{{dup[exch{dup exec}fork =}loop}dup exec >> http://www.ccc-offenbach.org <<

Rudolf Polzer

unread,
Sep 10, 2004, 5:55:26 AM9/10/04
to
»Ralph« <not...@doing.com> wrote:
> Shitty consultant. He didn't know the first thing about securing linux.
>
> Make lilo.conf readable only by root and add the lines
>
> password=<password>
> restricted
>
> run the command lilo
>
> Issue taken care of.

Nope.

Reboot, press Del and make the hard drive the only boot device. Ensure
it really is (sometimes booting from USB sticks has to be disabled
somewhere else).

Yes, it is obvious. But often people forget that.

Now the attacker has to open the case. Against that only a crypot-fs can
help.

Donn Miller

unread,
Sep 10, 2004, 6:15:07 AM9/10/04
to
William Poaster wrote:
> begin It was on Fri, 10 Sep 2004 03:35:37 -0400, that Donn Miller wrote
> this:
> He's one stupid troll. I don't know who the hell he thinks he's kidding.

From the tone of his posts, I'd guess MSCE's.

:-)

mlw

unread,
Sep 10, 2004, 7:03:03 AM9/10/04
to
Mike Cox wrote:

[snipped]

So, what you are saying is that someone with physical access to a machine
can gain access to it?

LOL, are you insane?

There isn't a single PC based computer, regardless of operating system, that
can not be accessed if you have physical access to the machine and are able
to reboot it. Hell, I can put knoppix on a CD and get anything I want off
anything. Some PCs can boot off USB drives.

All of this falls into the "so what" category.

If this is a fear to you, put a boot password on the machine.


Message has been deleted

cmad

unread,
Sep 10, 2004, 7:56:30 AM9/10/04
to
Cancerous Jaw wrote:

> cmad wrote:
>
>
>>If you want to run Windows, run Windows; no one is stopping you.... But
>>believing that *nix is insecure because someone with root access to it
>>changed the password is quite funny.
>
>
> Why is it that Windopers never take that advice.

We wouldn't have been calling them wintrolls if they were cooperative,
would we? -_-

S.Heenan

unread,
Sep 10, 2004, 8:04:08 AM9/10/04
to

I'll sort that one in 30 seconds without opening the case.

Michel Talon

unread,
Sep 10, 2004, 9:01:42 AM9/10/04
to
In comp.unix.bsd.freebsd.misc Mike Cox <mikeco...@yahoo.com> wrote:
>
> linux init=/bin/sh
> mount -o remount -rw /
> mount /proc
> passwd
> mount -o remount -ro /
> umount /proc
>
> When Scott rebooted the machine, he typed in the new root password and
> was in. The consultants jaw dropped, my boss laughed, and will now
> trust my MCSE's judgement in all things related to IT in the company.

You are a famous ignorant for not knowing this trick since ages, and not
knowing the way to circumvent it. By the way you are even more ignorant
since you don't know that one can also erase the Windows passwds booting
the machine with an appropriate CDROM, and doing simple tricks. A few
minutes search on Google will show you the whole story and will not cost
you a cent contrary to your consultants.

--

Michel TALON

Ben O'Brien

unread,
Sep 10, 2004, 9:08:03 AM9/10/04
to
Mike Cox wrote:
<some bullshit>

Mike Cox eh? Sure that isn't spelled Rosoft?

General Protection Fault

unread,
Sep 10, 2004, 9:42:42 AM9/10/04
to
["Followup-To:" header set to comp.os.linux.advocacy.]

Any machine is insecure if you have physical access to it.

I can remove a hard drive from a "secure" NT machine and mount it in my own
box and read everything.


--
FreeBSD 4.8-RELEASE i386
8:40AM up 173 days, 43 mins, 1 user, load averages: 0.00, 0.00, 0.00

General Protection Fault

unread,
Sep 10, 2004, 9:44:13 AM9/10/04
to
["Followup-To:" header set to comp.os.linux.advocacy.]
On Fri, 10 Sep 2004 08:26:16 +0300, cmad wrote:
> Mike Cox wrote:
>
>> When this consultant showed up, my MCSEs were ready to show how much
>> more powerful and bulletproof Windows is compared to Linux/BSD/UNIX.
>
> $$$$$
>
>> When the consultant was done with the demo, my MCSE, Scott, went up to
>> the Linux box, and did the following:
>
> And he had to first get past the initial password check to do that,
> right? But in front of him he had a box, where he had root access. Of
> course he could do the below, and many many others.

No, he typed "linux init=/bin/sh" at the boot loader. You don't need the
root password for that.

spi...@freenet.co.uk

unread,
Sep 10, 2004, 10:03:32 AM9/10/04
to
In comp.os.linux.advocacy Rudolf Polzer <div...@gmail.com> wrote:
>>
>> run the command lilo
>>
>> Issue taken care of.

> Nope.

> Reboot, press Del and make the hard drive the only boot device. Ensure
> it really is (sometimes booting from USB sticks has to be disabled
> somewhere else).

> Yes, it is obvious. But often people forget that.

Nope, password protect the BIOS.

> Now the attacker has to open the case. Against that only a crypot-fs can
> help.

Padlock the case so they can't get at the bios reset jumper or battery...
then just to make sure, chain the pc to a desk.

That's as secure as a pc can get short of welding the case shut.

(Of course, they could always open the case with some tinsnips or remove the
padlock with bolt cutters :) )

Liam Slider

unread,
Sep 10, 2004, 10:10:58 AM9/10/04
to
On Fri, 10 Sep 2004 04:57:04 -0400, Hacking Coff wrote:

> MCSE Lesson #1 - How to show that *nix is less secure than Windows.
>
> MCSE Lesson #2 - How to show that *nix costs more than Windows.
>
> MCSE Lesson #3 - How to troll COLA.
>
> I think that about covers the MCSE course load.


You forgot...

MCSE Lesson #4 - How to reinstall Windows in order to solve every single
Windows problem.

S.Heenan

unread,
Sep 10, 2004, 10:15:40 AM9/10/04
to


If you have to open the case to remove the BIOS password, you don't know
much.

--
"I want to make it clear that DRM is perfectly ok with Linux!" -Linus


S.Heenan

unread,
Sep 10, 2004, 10:39:07 AM9/10/04
to


data: array[0..31] of byte = (
$31, $DB, $B3, $10, $88, $D8, $E6, $70, $E6, $ED, $B0, $FF, $E6, $71, $43,
$81,
$FB, $80, $00, $73, $02, $EB, $ED, $B4, $4C, $CD, $21, $66, $00, $BE, $26,
$82
);

HTH


Philip Callan

unread,
Sep 10, 2004, 11:09:20 AM9/10/04
to
Mike Cox wrote:
> An opensource consultant visited my workplace recently and was
> upstaged by my MCSEs. The consultant went over my head and made a
> sales call to the owner of the company who decided to see a demo of
> the various flavors of *nix. My boss was interested due to the
> consultant's claims of a lower total cost of ownership and more
> security.
>
> When this consultant showed up, my MCSEs were ready to show how much
> more powerful and bulletproof Windows is compared to Linux/BSD/UNIX.
> When the consultant was done with the demo, my MCSE, Scott, went up to
> the Linux box, and did the following:
>

Thats a nice trick, maybe after your fire a Windows 2000 sp3/sp4 Pro CD
into the XP machines, and are able to mount/access/change any data you
want from the recovery console, and here's the kicker /you/ don't need
to know any passwords!

ray

unread,
Sep 10, 2004, 11:14:01 AM9/10/04
to
On Thu, 09 Sep 2004 21:00:34 +0000, Mike Cox wrote:

> An opensource consultant visited my workplace recently and was
> upstaged by my MCSEs. The consultant went over my head and made a
> sales call to the owner of the company who decided to see a demo of
> the various flavors of *nix. My boss was interested due to the
> consultant's claims of a lower total cost of ownership and more
> security.
>
> When this consultant showed up, my MCSEs were ready to show how much
> more powerful and bulletproof Windows is compared to Linux/BSD/UNIX.
> When the consultant was done with the demo, my MCSE, Scott, went up to
> the Linux box, and did the following:
>

> linux init=/bin/sh
> mount -o remount -rw /
> mount /proc
> passwd
> mount -o remount -ro /
> umount /proc
>
> When Scott rebooted the machine, he typed in the new root password and
> was in. The consultants jaw dropped, my boss laughed, and will now
> trust my MCSE's judgement in all things related to IT in the company.

So, this proves that if you have root access to a linux box, you can hack
it. And the same is not true of MS.

Cancerous Jaw

unread,
Sep 10, 2004, 11:19:57 AM9/10/04
to
Philip Callan wrote:

Or better yet, put a Suse 9.1 disk in, repartition the NTFS, install Suse in
dual boot.

Then mount the NTFS partitions in Linux and read all his 'secure' data...

Lord Merlin

unread,
Sep 10, 2004, 11:29:11 AM9/10/04
to

"ray" <r...@zianet.com> wrote in message news:2qdulpF...@uni-berlin.de...

IMHO, the only way to truly secure a PC / server is to unplug it, and lock
it away in a safe.....

--


Kind Regards
Rudi Ahlers
+27 (82) 926 1689

Greater love has no one than this, that he lay down his life for his friends
(John 15:13).


Rudolf Polzer

unread,
Sep 10, 2004, 11:31:28 AM9/10/04
to
»S.Heenan« <she...@wahs.ac> wrote:

> spi...@freenet.co.uk wrote:
> > Nope, password protect the BIOS.
[...]

> data: array[0..31] of byte = (
> $31, $DB, $B3, $10, $88, $D8, $E6, $70, $E6, $ED, $B0, $FF, $E6, $71, $43, $81,
> $FB, $80, $00, $73, $02, $EB, $ED, $B4, $4C, $CD, $21, $66, $00, $BE, $26, $82
> );

That does circumvent the BIOS password protection HOW?

To execute that, you would need access to the CMOS - that is, I/O ports
0x70, 0x71. That means root or system privileges on real operating
systems (okay, perhaps not when some idiot did a "chmod 666 /dev/nvram",
but then your machine code would probably not be usable but instead one
would do a small dd command). Thus, this will help none at all make the
computer bootable from floppy so that you can change the root password.

Nice try, try again.

Rudolf Polzer

unread,
Sep 10, 2004, 11:38:05 AM9/10/04
to
»S.Heenan« <she...@wahs.ac> wrote:
> If you have to open the case to remove the BIOS password, you don't know
> much.

I do not know much, for example.

"Your 31337 DOS trick" does not help when you cannot boot DOS or another
OS where you have administrattive rights.

Yes, I do know about old AWARD BIOSes [0]. About buggy BIOSes (like in
my old Compaq notebook [1], some newer ones according to what I heared
[2], buggy BIOS flashing routines [3]).

All of these are no generic attacks - they are bugs your dealer is
responsible for. If you find some, you have the right to make him fix
them or give you your money back. Such hardware is not worth its money.

[0]: lkwpeter
[1]: Boot lock, nice feature. Booting from floppy asks for password.
Booting from HDD works, but keyboard it not usable until password
is entered. The bug is that booting from CDROM works - without
keyboard however. The "DOS trick" in fact can delete the password
there, but it's not really required if you just want to steal some
data. Just use another input device than the keyboard (if nothing
else, plug in a USB keyboard after boot time).
[2]: booting from USB storage devices
[3]: no password question before reflashing - and after that, the
configuration is reset

S.Heenan

unread,
Sep 10, 2004, 11:45:51 AM9/10/04
to
Rudolf Polzer wrote:
> »S.Heenan« <she...@wahs.ac> wrote:
>> spi...@freenet.co.uk wrote:
>>> Nope, password protect the BIOS.
> [...]
>> data: array[0..31] of byte = (
>> $31, $DB, $B3, $10, $88, $D8, $E6, $70, $E6, $ED, $B0, $FF, $E6,
>> $71, $43, $81, $FB, $80, $00, $73, $02, $EB, $ED, $B4, $4C, $CD,
>> $21, $66, $00, $BE, $26, $82 );
>
> That does circumvent the BIOS password protection HOW?
>
> To execute that, you would need access to the CMOS - that is, I/O
> ports 0x70, 0x71. That means root or system privileges on real
> operating systems (okay, perhaps not when some idiot did a "chmod 666
> /dev/nvram", but then your machine code would probably not be usable
> but instead one would do a small dd command). Thus, this will help
> none at all make the computer bootable from floppy so that you can
> change the root password.
>
> Nice try, try again.


Wrong Kohlmann.


S.Heenan

unread,
Sep 10, 2004, 11:46:14 AM9/10/04
to
Rudolf Polzer wrote:
> »S.Heenan« <she...@wahs.ac> wrote:
>> If you have to open the case to remove the BIOS password, you don't
>> know much.
>
> I do not know much, for example.
>
> "Your 31337 DOS trick" does not help when you cannot boot DOS or
> another OS where you have administrattive rights.
>
> Yes, I do know about old AWARD BIOSes [0]. About buggy BIOSes (like in
> my old Compaq notebook [1], some newer ones according to what I heared
> [2], buggy BIOS flashing routines [3]).
>
> All of these are no generic attacks - they are bugs your dealer is
> responsible for. If you find some, you have the right to make him fix
> them or give you your money back. Such hardware is not worth its
> money.


Where did I mention DOS ?

Tom Shelton

unread,
Sep 10, 2004, 11:47:15 AM9/10/04
to
In article <pan.2004.09.10....@jvyycbnfg.zr.hx>, William Poaster wrote:
> begin It was on Fri, 10 Sep 2004 03:35:37 -0400, that Donn Miller wrote
> this:
>
>> Mike Cox wrote:
>>> An opensource consultant visited my workplace recently and was upstaged
>>> by my MCSEs.
>>
>> LOL! This is some of the funniest stuff I've seen in here. Of course Cox
>> has been trolling OpenBSD, saying it can't be secure because it doesn't
>> have ASP.NET.
>
> He's one stupid troll. I don't know who the hell he thinks he's kidding.
>

Isn't it obvious? Mike knows he is full of crap most of the time - he
is here simply to get a rise out of you... And it works every time.

--
Tom Shelton

Rudolf Polzer

unread,
Sep 10, 2004, 1:07:47 PM9/10/04
to

In your other post.

It was code directly writing to the CMOS that was obviously written for
DOS:

- using in/out to access ports
- using 16-bit instructions
- calling interrupt 21h to exit the program

So what were you referring to except for "tricks" that won't work anyway
when the system is "normally secured"?

Bas Keur

unread,
Sep 10, 2004, 1:59:20 PM9/10/04
to
> Or better yet, put a Suse 9.1 disk in, repartition the NTFS, install Suse
> in
> dual boot.
>
> Then mount the NTFS partitions in Linux and read all his 'secure' data...

Didn't we got live cd's for that ? :)


--
-{ ViPER - www.dmrt.net
-{ Nostalgia ain't what it used to be.

Jim Richardson

unread,
Sep 10, 2004, 2:00:56 PM9/10/04
to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 10 Sep 2004 13:44:13 GMT,
General Protection Fault <gene...@braids.ertw.com> wrote:
> ["Followup-To:" header set to comp.os.linux.advocacy.]
> On Fri, 10 Sep 2004 08:26:16 +0300, cmad wrote:
>> Mike Cox wrote:
>>
>>> When this consultant showed up, my MCSEs were ready to show how much
>>> more powerful and bulletproof Windows is compared to Linux/BSD/UNIX.
>>
>> $$$$$
>>
>>> When the consultant was done with the demo, my MCSE, Scott, went up to
>>> the Linux box, and did the following:
>>
>> And he had to first get past the initial password check to do that,
>> right? But in front of him he had a box, where he had root access. Of
>> course he could do the below, and many many others.
>
> No, he typed "linux init=/bin/sh" at the boot loader. You don't need the
> root password for that.
>
>

Depends on how you configured the bootloader.

- From the lilo.conf on one of my machines.


# You can set a password here, and uncomment the `restricted' lines
# in the image definitions below to make it so that a password must
# be typed to boot anything but a default configuration. If a
# command line is given, other than one specified by an `append'
# statement in `lilo.conf', the password will be required, but a
# standard default boot will not require one.
#
# This will, for instance, prevent anyone with access to the
# console from booting with something like `Linux init=/bin/sh',
# and thus becoming `root' without proper authorization.
#


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBQeVnd90bcYOAWPYRAu82AKDUpiNdf2FE2erDvYx3Q5Yr/URhBACeI/sg
3se1tGU4lCtvVa7n9xcARlI=
=UJ6v
-----END PGP SIGNATURE-----

--
Jim Richardson http://www.eskimo.com/~warlock
"Remember, half-measures can be very effective if all you deal with are
half-wits."--Chris Klein

Bas Keur

unread,
Sep 10, 2004, 2:04:48 PM9/10/04
to
> IMHO, the only way to truly secure a PC / server is to unplug it, and lock
> it away in a safe.....

I bet you haven't seen `Mission Impossible 1` did yah ?

Tudiduhhh TUHTUH....

(sorry :)

Mike Cox

unread,
Sep 10, 2004, 2:18:44 PM9/10/04
to
cmad <cma...@NOyahoo.comSPAM> wrote in message news:<chrdtu$6ck$1...@usenet.otenet.gr>...

> Mike Cox wrote:
>
> > When this consultant showed up, my MCSEs were ready to show how much
> > more powerful and bulletproof Windows is compared to Linux/BSD/UNIX.
>
> $$$$$
>
> > When the consultant was done with the demo, my MCSE, Scott, went up to
> > the Linux box, and did the following:
>
> And he had to first get past the initial password check to do that,
> right? But in front of him he had a box, where he had root access. Of
> course he could do the below, and many many others.
>
> > linux init=/bin/sh
> > mount -o remount -rw /
> > mount /proc
> > passwd
> > mount -o remount -ro /
> > umount /proc
>
> Is it just me or did he do a "skills showoff"? 5/6 of the above commands
> needn't have been typed.

>
> > When Scott rebooted the machine, he typed in the new root password and
> > was in. The consultants jaw dropped, my boss laughed, and will now
> > trust my MCSE's judgement in all things related to IT in the company.
>
> If you want to run Windows, run Windows; no one is stopping you.... But
> believing that *nix is insecure because someone with root access to it
> changed the password is quite funny.

That's not what he did. You don't understand *nix if you don't know
that everyone of those commands is needed. The box was not logged in
to, it had the login prompt there. Scott rebooted (ctrl alt del) the
machine and passed a command to GRUB that booted linux into the BASH
shell. He then mounted the /proc file system and then the /
filesystem. He then changed the password.

Every *nix machine is vulnerable to this sort of local security flaw.
If you password protect the BIOS to prevent this, someone can just
take out the battery out of the PC and then the BIOS password is
reset. Someone can just take the Linux disk out, boot their own system
and mount your disk no problem.

Windows doesn't have this flaw. It requires the Administrator
password before it will let you into safe mode or use the Windows 2000
recovery CD. If you use the NTFS filesystem, you can select to
encrypt the hard drive filesystem. That prevents someone from taking
the disk out and trying to mount it using another OS. If you have
encryption enabled, and mount a Windows disk on Linux, you wont be
able to get in. I've tried it. Heck, once i've forgotten my Windows
2000 Admin password and was locked out forever. But not with Linux.
Forget you root password, and you can get a new one in about 1 minute.
Not very secure. Not ready for the enterprise.

And a BIOS password is not a fix. Someone can just take the battery
out of the PC and it is reset.

Andy Haynes

unread,
Sep 10, 2004, 2:20:49 PM9/10/04
to

"General Protection Fault" <gene...@braids.ertw.com> wrote in message
news:slrnck3bn7.1...@braids.ertw.com...

> ["Followup-To:" header set to comp.os.linux.advocacy.]
> On 9 Sep 2004 21:00:34 -0700, Mike Cox wrote:
>> An opensource consultant visited my workplace recently and was
>> upstaged by my MCSEs. The consultant went over my head and made a
>> sales call to the owner of the company who decided to see a demo of
>> the various flavors of *nix. My boss was interested due to the
>> consultant's claims of a lower total cost of ownership and more
>> security.
>>
>> When this consultant showed up, my MCSEs were ready to show how much
>> more powerful and bulletproof Windows is compared to Linux/BSD/UNIX.
>> When the consultant was done with the demo, my MCSE, Scott, went up to
>> the Linux box, and did the following:
>>
>> linux init=/bin/sh
>> mount -o remount -rw /
>> mount /proc
>> passwd
>> mount -o remount -ro /
>> umount /proc
>>
>> When Scott rebooted the machine, he typed in the new root password and
>> was in. The consultants jaw dropped, my boss laughed, and will now
>> trust my MCSE's judgement in all things related to IT in the company.
>
> Any machine is insecure if you have physical access to it.

<snip>

Exactly ---

A


Mike Cox

unread,
Sep 10, 2004, 2:34:04 PM9/10/04
to
mlw <m...@nospam.no> wrote in message news:<HRf0d.18517$D%.6595@attbi_s51>...

> Mike Cox wrote:
>
> [snipped]
>
> So, what you are saying is that someone with physical access to a machine
> can gain access to it?
>
> LOL, are you insane?
>
> There isn't a single PC based computer, regardless of operating system, that
> can not be accessed if you have physical access to the machine and are able
> to reboot it. Hell, I can put knoppix on a CD and get anything I want off
> anything. Some PCs can boot off USB drives.

Not on Windows 2000 you can't. If you are running NTFS and you set
the option to encrypt the hard drive, you won't get at the data. The
only way is to brute force it. But if you use strong passwords, that
won't help much unless you have a lot of time.

Mike Cox

unread,
Sep 10, 2004, 2:38:39 PM9/10/04
to
> Any machine is insecure if you have physical access to it.
>
> I can remove a hard drive from a "secure" NT machine and mount it in my own
> box and read everything.

Not really. If that hard drive you mount was using NTFS with the
encryption option enabled, mounting that hard drive on another system
won't give you access to that data because the encryption keys are
different.

Linux's/BSD's/Unix's flaw is that it allows people to boot from the
boat loader into a shell without requiring the root password. Windows
2000 doesn't allow that. You need the Admin password in order to get
the machine in safe mode or to use the Windows 2000 to do a system
recovery. I know because I've done it and tested it.

Peter Köhlmann

unread,
Sep 10, 2004, 2:43:32 PM9/10/04
to
begin Mike Cox wrote:

> mlw <m...@nospam.no> wrote in message
> news:<HRf0d.18517$D%.6595@attbi_s51>...
>> Mike Cox wrote:
>>
>> [snipped]
>>
>> So, what you are saying is that someone with physical access to a machine
>> can gain access to it?
>>
>> LOL, are you insane?
>>
>> There isn't a single PC based computer, regardless of operating system,
>> that can not be accessed if you have physical access to the machine and
>> are able to reboot it. Hell, I can put knoppix on a CD and get anything I
>> want off anything. Some PCs can boot off USB drives.
>
> Not on Windows 2000 you can't. If you are running NTFS and you set
> the option to encrypt the hard drive, you won't get at the data.

So what? If you do same in linux, you will not get at the data either

--
Microsoft's Guide To System Design:
Form follows malfunction.

Message has been deleted
Message has been deleted

Peter Köhlmann

unread,
Sep 10, 2004, 2:50:26 PM9/10/04
to
begin Mike Cox wrote:


< snip >



>> Any machine is insecure if you have physical access to it.
>>
>> I can remove a hard drive from a "secure" NT machine and mount it in my
>> own box and read everything.
>
> Not really. If that hard drive you mount was using NTFS with the
> encryption option enabled, mounting that hard drive on another system
> won't give you access to that data because the encryption keys are
> different.
>

So tell us what makes this any different from an encrypted linux drive?

> Linux's/BSD's/Unix's flaw is that it allows people to boot from the
> boat loader into a shell without requiring the root password.

Not if you set a lilo or grub password

> Windows 2000 doesn't allow that.

Linux doesn't either when you set it up that way

> You need the Admin password in order to get
> the machine in safe mode or to use the Windows 2000 to do a system
> recovery. I know because I've done it and tested it.

Your utter stupidity is noted


--
Microsoft's Guide To System Design:

If it starts working, we'll fix it. Pronto.

7

unread,
Sep 10, 2004, 2:54:49 PM9/10/04
to
Mike Cox wrote:

Bollocks.

System Rescue LiveCD can reset the admin password of NT and ex-peeehee.

Rapskat

unread,
Sep 10, 2004, 3:17:40 PM9/10/04
to
On Thu, 09 Sep 2004 21:00:34 -0700, Mike Cox wrote:

> When this consultant showed up, my MCSEs were ready to show how much
> more powerful and bulletproof Windows is compared to Linux/BSD/UNIX.
> When the consultant was done with the demo, my MCSE, Scott, went up to
> the Linux box, and did the following:
>
> linux init=/bin/sh
> mount -o remount -rw /
> mount /proc
> passwd
> mount -o remount -ro /
> umount /proc
>
> When Scott rebooted the machine, he typed in the new root password and
> was in. The consultants jaw dropped, my boss laughed, and will now
> trust my MCSE's judgement in all things related to IT in the company.

And presto, chango....with a bit of flourish and a lot of smoke and
mirrors one lone pedigreed monkey was able to impress an Administrative
type.


PUH-Leeze! Do you REALLY want to compare the multitudes of *remotely
exploitable* flaws inherent with any version of Windows to some obscure
local equivelant of a parlor-trick (which is even more easily done on a
winbox I might add)?

You really want to find out which is more secure, put a Windows Server and
a Linux Server both open to the net and see which one is compromised
first.

General Protection Fault

unread,
Sep 10, 2004, 3:26:05 PM9/10/04
to
["Followup-To:" header set to comp.os.linux.advocacy.]

Yeah? And how many NTFS filesystems out there are encrypted?

> Linux's/BSD's/Unix's flaw is that it allows people to boot from the
> boat loader into a shell without requiring the root password. Windows
> 2000 doesn't allow that. You need the Admin password in order to get
> the machine in safe mode or to use the Windows 2000 to do a system
> recovery. I know because I've done it and tested it.

The boot loader can be password protected.


--
FreeBSD 4.8-RELEASE i386
2:20PM up 173 days, 6:23, 0 users, load averages: 0.32, 0.07, 0.02

General Protection Fault

unread,
Sep 10, 2004, 3:27:31 PM9/10/04
to
["Followup-To:" header set to comp.os.linux.advocacy.]
On 10 Sep 2004 11:34:04 -0700, Mike Cox wrote:
> mlw <m...@nospam.no> wrote in message news:<HRf0d.18517$D%.6595@attbi_s51>...
>> Mike Cox wrote:
>>
>> [snipped]
>>
>> So, what you are saying is that someone with physical access to a machine
>> can gain access to it?
>>
>> LOL, are you insane?
>>
>> There isn't a single PC based computer, regardless of operating system, that
>> can not be accessed if you have physical access to the machine and are able
>> to reboot it. Hell, I can put knoppix on a CD and get anything I want off
>> anything. Some PCs can boot off USB drives.
>
> Not on Windows 2000 you can't. If you are running NTFS and you set
> the option to encrypt the hard drive, you won't get at the data. The
> only way is to brute force it. But if you use strong passwords, that
> won't help much unless you have a lot of time.

The only reason you would enable filesystem encryption on NTFS in *practice*
is if someone dared you to make NT run slower that it already does.

>>
>> All of this falls into the "so what" category.
>>
>> If this is a fear to you, put a boot password on the machine.


--
FreeBSD 4.8-RELEASE i386
2:25PM up 173 days, 6:28, 1 user, load averages: 0.00, 0.02, 0.00

Dariusz Kuliński / TaKeDa

unread,
Sep 10, 2004, 3:28:44 PM9/10/04
to
On 9 Sep 2004 21:00:34 -0700, Mike Cox wrote:

> linux init=/bin/sh
> mount -o remount -rw /
> mount /proc
> passwd
> mount -o remount -ro /
> umount /proc
>
> When Scott rebooted the machine, he typed in the new root password and
> was in. The consultants jaw dropped, my boss laughed, and will now
> trust my MCSE's judgement in all things related to IT in the company.

Geez, almost every hardware have some way of password recovery, i.e. cisco
routers have special combination that you can do at boot so you can recover
forgotten password.

It doesn't count how secure is computer if you have physical access to it,
you can get access in many ways (resetting administrator password on
windows is pretty trivial too). Most important thing is how computer is
secure from outside.

BTW: Person who set up that box didn't do good job too.

Also I don't understand why do you brought up BSD and other Unix here, I
use FreeBSD and believe me, it's not that trivial to get access on
correctly configured system. Using schg flags, security_levels and changing
console setting to insecure. Makes it very difficult to do any damage if
you're even got root access.

Here is example:
| The kernel runs with five different levels of security. Any super-user
| process can raise the security level, but no process can lower it. The
| security levels are:
|
| -1 Permanently insecure mode - always run the system in level 0 mode.
| This is the default initial value.
|
| 0 Insecure mode - immutable and append-only flags may be turned off.
| All devices may be read or written subject to their permissions.
|
| 1 Secure mode - the system immutable and system append-only flags may
| not be turned off; disks for mounted file systems, /dev/mem, and
| /dev/kmem may not be opened for writing; kernel modules (see
| kld(4)) may not be loaded or unloaded.
|
| 2 Highly secure mode - same as secure mode, plus disks may not be
| opened for writing (except by mount(2)) whether mounted or not.
| This level precludes tampering with file systems by unmounting
| them, but also inhibits running newfs(8) while the system is multi-
| user.
|
| In addition, kernel time changes are restricted to less than or
| equal to one second. Attempts to change the time by more than this
| will log the message ``Time adjustment clamped to +1 second''.
|
| 3 Network secure mode - same as highly secure mode, plus IP packet
| filter rules (see ipfw(8) and ipfirewall(4)) cannot be changed and
| dummynet(4) configuration cannot be adjusted.

Setting schg on important files and directories make impossible to change
them even for root, unless system is rebooted to single user mode. Setting,
console to insecure makes system ask for root password before allowing you
to get a shell in single user mode. No way to load/unload modules, now way
to change files. Only possible solution is to attach hard drive to another
machine but that actually supposed to be job for hardware not software.

--
tak...@IRCnet.EFnet, ICQ# 15827691, TLEN: taked4
EMAIL: 5570...@NOsneakemailSPAM.com
(remove CAPITAL letters from email if you want to contact me)
*http://eggwiki.takeda.tk - pomoc w używaniu botów po polsku*

Dariusz Kuliński / TaKeDa

unread,
Sep 10, 2004, 3:37:53 PM9/10/04
to

Thats BS, there are many CDs that only what they ask is what new password
should be.

> If you use the NTFS filesystem, you can select to
> encrypt the hard drive filesystem. That prevents someone from taking
> the disk out and trying to mount it using another OS.

Are you talking about EFS? How do you want to protect system files this
way? Or maybe you're talking about syskey? If it's the second then it's
maybe difficult to recover a password but it doesn't protect in anyway from
changing it.

Rapskat

unread,
Sep 10, 2004, 4:04:46 PM9/10/04
to
On Fri, 10 Sep 2004 11:34:04 -0700, Mike Cox wrote:

> mlw <m...@nospam.no> wrote in message
> news:<HRf0d.18517$D%.6595@attbi_s51>...
>> Mike Cox wrote:
>>
>> [snipped]
>>
>> So, what you are saying is that someone with physical access to a
>> machine can gain access to it?
>>
>> LOL, are you insane?
>>
>> There isn't a single PC based computer, regardless of operating system,
>> that can not be accessed if you have physical access to the machine and
>> are able to reboot it. Hell, I can put knoppix on a CD and get anything
>> I want off anything. Some PCs can boot off USB drives.
>
> Not on Windows 2000 you can't. If you are running NTFS and you set the
> option to encrypt the hard drive, you won't get at the data. The only
> way is to brute force it. But if you use strong passwords, that won't
> help much unless you have a lot of time.

Remote exploits access data at a level where it has already been
decrypted, so big whoop.

What good is local security if the remote security sucks? Your greatest
danger is probably not going to be from someone at the physical console.

mlw

unread,
Sep 10, 2004, 4:12:41 PM9/10/04
to
Mike Cox wrote:

> mlw <m...@nospam.no> wrote in message
> news:<HRf0d.18517$D%.6595@attbi_s51>...
>> Mike Cox wrote:
>>
>> [snipped]
>>
>> So, what you are saying is that someone with physical access to a machine
>> can gain access to it?
>>
>> LOL, are you insane?
>>
>> There isn't a single PC based computer, regardless of operating system,
>> that can not be accessed if you have physical access to the machine and
>> are able to reboot it. Hell, I can put knoppix on a CD and get anything I
>> want off anything. Some PCs can boot off USB drives.
>
> Not on Windows 2000 you can't. If you are running NTFS and you set
> the option to encrypt the hard drive, you won't get at the data. The
> only way is to brute force it. But if you use strong passwords, that
> won't help much unless you have a lot of time.

The *only* thing file system encryption buys you is the ability secure the
hardware if it is accessed outside the installed operating system.

Typically, encrypted filesystems are slow.

2000 and 2K3 have encryptded file systems, as does Linux, but they are not
widely practical.

Bas Keur

unread,
Sep 10, 2004, 4:19:29 PM9/10/04
to
> Not really. If that hard drive you mount was using NTFS with the
> encryption option enabled, mounting that hard drive on another system
> won't give you access to that data because the encryption keys are
> different.

The swap file on the roo.. c:\ disk is happy to share all it's secrets
to you, should not be a problem. Then again, if a sam file breaks
in -+30 minutes what can you expect from the Filesystem ?

> Linux's/BSD's/Unix's flaw is that it allows people to boot from the
> boat loader into a shell without requiring the root password.

Now how whould you do that when the keyboard is disabled ?
Who needs a keyboard on a server ? Talk to the console.

Either way, i got myself a 0day exploit that `own`
every server on this planet ! Wanna see ?
http://home.howstuffworks.com/inside-sd.htm
(Exploit Tested Nearby, every server is vurnerable)
If people can reach the servers, they can destroy them.

> Windows 2000 doesn't allow that.

[twoing: Fatal Exception]

> You need the Admin password in order to get

It's called a boot-cd/disk/stick

> the machine in safe mode or to use the Windows
> 2000 to do a system recovery.
> I know because I've done it and tested it.

Guess what, i got my Minesweeping Consulting & Solitare
Expert (MCSE) as well ! :)

Rapskat

unread,
Sep 10, 2004, 4:30:35 PM9/10/04
to
On Fri, 10 Sep 2004 11:18:44 -0700, Mike Cox wrote:

> Windows doesn't have this flaw. It requires the Administrator
> password before it will let you into safe mode or use the Windows 2000
> recovery CD. If you use the NTFS filesystem, you can select to
> encrypt the hard drive filesystem. That prevents someone from taking
> the disk out and trying to mount it using another OS. If you have
> encryption enabled, and mount a Windows disk on Linux, you wont be
> able to get in. I've tried it. Heck, once i've forgotten my Windows
> 2000 Admin password and was locked out forever. But not with Linux.
> Forget you root password, and you can get a new one in about 1 minute.
> Not very secure. Not ready for the enterprise.


Utter bullshit and Supreme FUD.

First of all, you can encrypt a linux filesystem just as well as you can
an NTFS one.

Second, you can configure the bootloader so that this little trick isn't
possible.

Finally, any system is only as secure as the skill, knowledge and
diligence of the person administering it. So if the system is insecure,
rather than pointing fingers at the platform, maybe you should be looking
more closely at the person(s) who set it up.

Bo Grimes

unread,
Sep 10, 2004, 4:46:53 PM9/10/04
to
[follow-up set]

On 9 Sep 2004 21:00:34 -0700, Mike Cox <mikeco...@yahoo.com> wrote:
> linux init=/bin/sh
> mount -o remount -rw /
> mount /proc
> passwd
> mount -o remount -ro /
> umount /proc
>

> When Scott rebooted the machine, he typed in the new root password and
> was in. The consultants jaw dropped, my boss laughed, and will now
> trust my MCSE's judgement in all things related to IT in the company.

Taking your MCSE test, Mike?

http://www.mcsebraindumps.net/dump.php?bd_id=13585
<quote>
4. A SYSTEM ADMINISTRATOR WHO HAS FORGOTTEN HIS ROOT PASSWORD ON A SERVER
CAN DO WHICH OF THE FOLLOWING TO CHANGE THE ROOT PASSWORD?
A. Use the brute-force password sniffer.
B. Edit the /etc/inittab file to load without NIS.
C. Use the passwd command from the administrator group.
D. Reboot the system in runlevel 1 and use "init=/bin/sh" as a boot
option.

Answer: D
Explanation: If you forget the root password, you can boot init into the
shell and change the password using the following commands:
boot: Linux init=/bin/sh bash# mount -o remount / -rw bash# passwd root
</quote>

Notice it says a "system admin." And I'm sure there's probably a way to
disable this.

I don't know Jack about this, but I do recognize a BS made up story when I
read one. You read this on a web site and invented the whole thing to give
it some pizazz and verisimilitude. Better than your usual trolls, I admit,
but still very amateurish.

Do it again, but, but better.

--
use...@isp.com is valid, but for a faster reply replace usenet with vcg3rd.
Calvin: I'm a genius, but I'm a misunderstood genius. Hobbes: What's
misunderstood about you? Calvin: Nobody thinks I'm a genius. -- Calvin

Lord Merlin

unread,
Sep 10, 2004, 4:53:09 PM9/10/04
to
"Bas Keur" <vi...@dmrt.net> wrote in message
news:4141ecc5$0$559$e4fe...@news.xs4all.nl...

Well, two things......

1) I don't have a hitlist on my PC that anyone would want
2) It's only a move .....

--


Kind Regards
Rudi Ahlers
+27 (82) 926 1689

Greater love has no one than this, that he lay down his life for his friends
(John 15:13).


Rex Ballard

unread,
Sep 10, 2004, 4:56:02 PM9/10/04
to
mikeco...@yahoo.com (Mike Cox) wrote in message news:<3d6111f1.04090...@posting.google.com>...

> An opensource consultant visited my workplace recently and was
> upstaged by my MCSEs. The consultant went over my head and made a
> sales call to the owner of the company who decided to see a demo of
> the various flavors of *nix. My boss was interested due to the
> consultant's claims of a lower total cost of ownership and more
> security.
>
> When this consultant showed up, my MCSEs were ready to show how much
> more powerful and bulletproof Windows is compared to Linux/BSD/UNIX.
> When the consultant was done with the demo, my MCSE, Scott, went up to
> the Linux box, and did the following:
>
> linux init=/bin/sh
> mount -o remount -rw /
> mount /proc
> passwd
> mount -o remount -ro /
> umount /proc

The reason this worked was because mount had been enabled for generic
users. This would be normal in a workstation, but would normally NOT
be allowed in a production server.

Normally, rather than doing the setuid to the "mount" command, you
would do the setuid to scripts that did specific mounts. For example,
you might have "unmountcd" and "mountcd" commands which allow you to
let users mount CDs but doesn't let them mount /proc or /

> When Scott rebooted the machine,
> he typed in the new root password and was in.

He probably learned this trick reading MSDN. Microsoft LOVES to
publish these little cracks. It's ironic that they request court
injunctions to keep Windows cracks from being exposed.

I was going to give you a few URLs to some popular Windows cracks, but
they seem to be tombstoned (the site is present but the pages are
gone).
http://www.securitywatch.com/EDU/ency/hacking_techniques.html
Captain Crunch is gone.


Here are some good ones ones:

http://security.tombom.co.uk/shatter.html
http://neworder.box.sk/codebox.links.php?&key=hack-nt
http://w3.aces.uiuc.edu/DLM/Ntexploits.html
http://www.k-otik.com/exploits/07182004.ms04_022.cpp.php


http://www.greymagic.com/security/advisories/gm001-ie/
http://www.nsclean.com/psc-vbs.html
http://www.infobeat.com/index.cfm?action=article&id=628902
http://www.thebugs.ws/books/
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci920573,00.html?newsel=10.01

http://www.tbtf.com/archive/1997-04-04.html
http://www.insecure.org/

> The consultants jaw dropped, my boss laughed, and will now
> trust my MCSE's judgement in all things related to IT in the company.

The fact that you have such contempt - prior to investigation, and
were so easily swayed by such a trivial trick, tells me that you have
no clue of the capabilities of Linux. Why your boss is keeping you in
the position to make such decisions is very curious.

Microsoft has a fundamental problem.

They have issued security patches which will make NT, Windows 2000,
and even Windows XP very secure. The only problem is that these
patches disable the very features Microsoft has tried so hard to
market, has convinced ISPs and content providers to use and exploit,
and has used to prevent the spread of other more secure competitor
browser and e-mail products.

Microsoft is in a Catch-22 situation. If they actually do what it
takes to "lock down" their applications and system, users won't be
able to view PDF files, Flash animations, or receive spyware. This
will make corporate users very upset (since they probably won't be
able to use corporate applications either), and it will make the
content providers and advertisers (the most frequent users of Flash
and Spyware) very upset as well.

On the other hand, if they don't disable these features, these very
easily created and easily modifiable viruses will continue to slip
past even the best firewalls like cat dung on a hot greased slide.

So long as Microsoft insists on refusing to comply with published open
standards, and to fully disclose in unrestricted fashion, their
extensions and modifications to those standards, every Windows user
will be vulnerable.

Rex Ballard
http://www.open4success.org

PastaVerde

unread,
Sep 10, 2004, 5:42:21 PM9/10/04
to
On Fri, 10 Sep 2004 06:55:46 +0100, Martin <nos...@example.org> wrote:

>Mike Cox wrote:
>
>> When Scott rebooted the machine, he typed in the new root password and
>> was in.
>

>Given physical access, anyone even vaguely competent can get root on any
>Windows or Unix machine (or can just read the disk content by booting from
>floppy or CD).

True unless the file system is NTFS and the user encrypted the files
(it's just a checkbox to set on a property page). BTW, the NTFS clones
on non NT platforms currently do not support encryption.

> Choice of OS makes no difference, so your story proves
>nothing except your own incompetence. If you want security when an attacker
>has physical access, you'll have to use whole-disk encryption; but most
>folks are more worried about network security than physical security, and
>justifiably so.
>
>

PastaVerde

unread,
Sep 10, 2004, 5:43:52 PM9/10/04
to
On Fri, 10 Sep 2004 20:30:35 GMT, Rapskat <rap...@mailblocks.com>
wrote:

>Second, you can configure the bootloader so that this little trick isn't
>possible.

If it comes like this by default, there is a 99.9% chance that it will
stay like this on most systems, which are then completely vulnerable.

Peter Köhlmann

unread,
Sep 10, 2004, 5:54:41 PM9/10/04
to
begin PastaVerde wrote:

> On Fri, 10 Sep 2004 06:55:46 +0100, Martin <nos...@example.org> wrote:
>
>>Mike Cox wrote:
>>
>>> When Scott rebooted the machine, he typed in the new root password and
>>> was in.
>>
>>Given physical access, anyone even vaguely competent can get root on any
>>Windows or Unix machine (or can just read the disk content by booting from
>>floppy or CD).
>
> True unless the file system is NTFS and the user encrypted the files
> (it's just a checkbox to set on a property page). BTW, the NTFS clones
> on non NT platforms currently do not support encryption.
>

It is just a checkbox on linux systems as well.

Meaning: Mike Cox is a retard
--
Just out of curiosity does this actually mean something or have some
of the few remaining bits of your brain just evaporated?

Peter Köhlmann

unread,
Sep 10, 2004, 5:56:32 PM9/10/04
to
begin PastaVerde wrote:

You may feel free now to support your claim that more than 99.9% of NTFS
file systems are encrypted
Because if they are not, anyone can do everything he wishes with them
--
Microsoft: The company that made email dangerous

spi...@freenet.co.uk

unread,
Sep 10, 2004, 5:59:06 PM9/10/04
to
S.Heenan <she...@wahs.ac> did eloquently scribble:
>> To execute that, you would need access to the CMOS - that is, I/O
>> ports 0x70, 0x71. That means root or system privileges on real
>> operating systems (okay, perhaps not when some idiot did a "chmod 666
>> /dev/nvram", but then your machine code would probably not be usable
>> but instead one would do a small dd command). Thus, this will help
>> none at all make the computer bootable from floppy so that you can
>> change the root password.
>>
>> Nice try, try again.
>
>
> Wrong Kohlmann.

No, he's not.
If the bios is password protected and booting from anything but the hard
disk is disabled AND the case is locked, how do you, in linux without root
access, reflash the bios in such a way you can disable the password?

Instead of saying "wrong", explain how he's wrong!

>

--
______________________________________________________________________________
| spi...@freenet.co.uk | "I'm alive!!! I can touch! I can taste! |
|Andrew Halliwell BSc(hons)| I can SMELL!!! KRYTEN!!! Unpack Rachel and |
| in | get out the puncture repair kit!" |
| Computer Science | Arnold Judas Rimmer- Red Dwarf |
------------------------------------------------------------------------------

Rudolf Polzer

unread,
Sep 10, 2004, 6:41:07 PM9/10/04
to
»spi...@freenet.co.uk« <spi...@freenet.co.uk> wrote:
> S.Heenan <she...@wahs.ac> did eloquently scribble:
> >> To execute that, you would need access to the CMOS - that is, I/O
> >> ports 0x70, 0x71. That means root or system privileges on real
> >> operating systems (okay, perhaps not when some idiot did a "chmod 666
> >> /dev/nvram", but then your machine code would probably not be usable
> >> but instead one would do a small dd command). Thus, this will help
> >> none at all make the computer bootable from floppy so that you can
> >> change the root password.
> >>
> >> Nice try, try again.
> >
> >
> > Wrong Kohlmann.
>
> No, he's not.
> If the bios is password protected and booting from anything but the hard
> disk is disabled AND the case is locked, how do you, in linux without root
> access, reflash the bios in such a way you can disable the password?

Well, probably he suggests that any BIOS has an intentional backdoor
(like Award's master passwords)? If that's true, the PCs are defective
and should be given back for the money. And one should switch to other
hardware then.

If not, he might mean that screw drivers do exist. But that takes up too
much time for a typical attacker in this scenario. It's easy to set off
an alarm when a computer's OS isn't reachable for some time, when the
power cord is unplugged and/or when the case is opened.

Or do you think an intruder can waste the time for that? If he can, he'd
still better remove the hard drive and run away. So what if anyone
notices - they will anyway (because of the unreachability alarm).


--
/ --- Where bots rampage, I'm there to take them down! --- \
/ ------ Where trouble arises, I'm there to cause it! ------ \
\ Where an enemy tries to frag me, victory will be mine!!!1! /
{{dup[exch{dup exec}fork =}loop}dup exec >> http://www.ccc-offenbach.org <<

GreyCloud

unread,
Sep 10, 2004, 10:28:43 PM9/10/04
to

Mike Cox wrote:

> cmad <cma...@NOyahoo.comSPAM> wrote in message news:<chrdtu$6ck$1...@usenet.otenet.gr>...
>
>>Mike Cox wrote:
>>
>>

>>>When this consultant showed up, my MCSEs were ready to show how much
>>>more powerful and bulletproof Windows is compared to Linux/BSD/UNIX.
>>

>>$$$$$


>>
>>
>>>When the consultant was done with the demo, my MCSE, Scott, went up to
>>>the Linux box, and did the following:
>>

>>And he had to first get past the initial password check to do that,
>>right? But in front of him he had a box, where he had root access. Of
>>course he could do the below, and many many others.
>>
>>

>>>linux init=/bin/sh
>>>mount -o remount -rw /
>>>mount /proc
>>>passwd
>>>mount -o remount -ro /
>>>umount /proc
>>

>>Is it just me or did he do a "skills showoff"? 5/6 of the above commands
>> needn't have been typed.
>>
>>

>>>When Scott rebooted the machine, he typed in the new root password and

>>>was in. The consultants jaw dropped, my boss laughed, and will now


>>>trust my MCSE's judgement in all things related to IT in the company.
>>

>>If you want to run Windows, run Windows; no one is stopping you.... But
>>believing that *nix is insecure because someone with root access to it
>>changed the password is quite funny.
>
>
> That's not what he did. You don't understand *nix if you don't know
> that everyone of those commands is needed. The box was not logged in
> to, it had the login prompt there. Scott rebooted (ctrl alt del) the
> machine and passed a command to GRUB that booted linux into the BASH
> shell. He then mounted the /proc file system and then the /
> filesystem. He then changed the password.
>
> Every *nix machine is vulnerable to this sort of local security flaw.
> If you password protect the BIOS to prevent this, someone can just
> take out the battery out of the PC and then the BIOS password is
> reset. Someone can just take the Linux disk out, boot their own system
> and mount your disk no problem.
>

> Windows doesn't have this flaw. It requires the Administrator
> password before it will let you into safe mode or use the Windows 2000
> recovery CD. If you use the NTFS filesystem, you can select to
> encrypt the hard drive filesystem. That prevents someone from taking
> the disk out and trying to mount it using another OS. If you have
> encryption enabled, and mount a Windows disk on Linux, you wont be
> able to get in. I've tried it. Heck, once i've forgotten my Windows
> 2000 Admin password and was locked out forever. But not with Linux.
> Forget you root password, and you can get a new one in about 1 minute.
> Not very secure. Not ready for the enterprise.
>

> And a BIOS password is not a fix. Someone can just take the battery
> out of the PC and it is reset.


Yeah, sure... then how come it isn't virus safe then?

--
---------------------------------
The Golden Years Sux.

GreyCloud

unread,
Sep 10, 2004, 10:29:47 PM9/10/04
to

PastaVerde wrote:

> On Fri, 10 Sep 2004 06:55:46 +0100, Martin <nos...@example.org> wrote:
>
>
>>Mike Cox wrote:
>>
>>
>>>When Scott rebooted the machine, he typed in the new root password and
>>>was in.
>>
>>Given physical access, anyone even vaguely competent can get root on any
>>Windows or Unix machine (or can just read the disk content by booting from
>>floppy or CD).
>
>
> True unless the file system is NTFS and the user encrypted the files
> (it's just a checkbox to set on a property page). BTW, the NTFS clones
> on non NT platforms currently do not support encryption.
>

Uh-huh. Did you know that a lot of UNIX vendors also have encryption of
files?

Freeride

unread,
Sep 11, 2004, 12:13:46 AM9/11/04
to
On Fri, 10 Sep 2004 11:18:44 -0700, Mike Cox wrote:
> That's not what he did. You don't understand *nix if you don't know
> that everyone of those commands is needed. The box was not logged in
> to, it had the login prompt there. Scott rebooted (ctrl alt del) the
> machine and passed a command to GRUB that booted linux into the BASH
> shell. He then mounted the /proc file system and then the / filesystem.
> He then changed the password.
>
> Every *nix machine is vulnerable to this sort of local security flaw. If
> you password protect the BIOS to prevent this, someone can just take out
> the battery out of the PC and then the BIOS password is reset. Someone
> can just take the Linux disk out, boot their own system and mount your
> disk no problem.
>
> Windows doesn't have this flaw. It requires the Administrator password
> before it will let you into safe mode or use the Windows 2000 recovery
> CD.

Bullshit!!

http://www.winternals.com/products/repairandrecovery/erdcommander2002.asp?pid=erd
ERD Commander 2003.
(Includes the Locksmith utility to reset lost Administrator passwords)

Can boot any Winders box from a CD reset the admin password.


> If you use the NTFS filesystem, you can select to encrypt the hard drive
> filesystem. That prevents someone from taking the disk out and trying
> to mount it using another OS.

Again I can boot the system up with ERD and change any users password then
boot up Windows and un-encrypt any of those file! Can also snag the
certificate that was used to encrypt those files.

> If you have
> encryption enabled, and mount a Windows disk on Linux, you wont be able
> to get in.

Wow you almost sound knowledgeable.

> I've tried it. Heck, once i've forgotten my Windows
> 2000 Admin password and was locked out forever.

Because your a moron.

> But not with Linux.
> Forget you root password, and you can get a new one in about 1 minute.
> Not very secure.

Nothing that you have physical access to is secure.

> Not ready for the enterprise.

What the fsck do you know about enterprise computing.


> And a BIOS password is not a fix. Someone can just take the battery out
> of the PC and it is reset.

Again you are taking out your ass. Many of the new systems/server have
highly protect bios password capabilities, and the only way to get into
them with out the password is to send it into the manufacture.

Freeride
RHCE, MCES(NT4,Win2000,Win2003), CNE, CCNA, VMWare VCP

Cancerous Jaw

unread,
Sep 11, 2004, 12:53:59 AM9/11/04
to
Freeride wrote:

> On Fri, 10 Sep 2004 11:18:44 -0700, Mike Cox wrote:

>> I've tried it. Heck, once i've forgotten my Windows
>> 2000 Admin password and was locked out forever.

security is bound to ownership

if you own data, you should always be able to get to it.

if not, you should never be able to get to it.

for example, take a business with 3 partners.

each may have admin rights.

so 1 of the 3 could lock out the other 3 with a simple password change.

that is not legal, and not secure

Tim Hammerquist

unread,
Sep 11, 2004, 5:43:37 AM9/11/04
to
Mike Cox <mikeco...@yahoo.com> wrote:
> An opensource consultant visited my workplace recently and was
> upstaged by my MCSEs.

A few things:

My "my MCSEs", are you implying that they are your personal, private,
personal minions doing your private, personal, private deeds? Are you
implying any sort of ownership, whether authoritative or sexual? Or are
you just trying to make up for some sort of "shortcoming" by claiming
credit for actions you did not take?

> linux init=/bin/sh
> mount -o remount -rw /
> mount /proc
> passwd
> mount -o remount -ro /
> umount /proc

Ooo. Rooting a poorly administered linux box with physical access to
the machine/terminal? Wow. I suddenly see the huge relative size of
your IT "staff."

How would this work with a customized lilo.conf/grub.conf? One that
renamed menu options? One that disallowed user interaction? One that
requires a password to alter boot options? How 'bout
a password-protected boot process?

How does this apply to BSD or other *nix systems?

> When Scott rebooted the machine, he typed in the new root password and

> was in. The consultants jaw dropped, my boss laughed, and will now
> trust my MCSE's judgement in all things related to IT in the company.

Funny. You must have forgotten to show the relatively high security of
your Windows OS. That was your goal originally, correct? As stated
here:

> my MCSEs were ready to show how much more powerful and bulletproof
> Windows is compared to Linux/BSD/UNIX.

As another poster mentioned, I would be surprised at your boss's
eagerness to summarily dismiss any alternative solution (assuming this
even transpired IRL at all), but I have a boss of my own to disillusion
me.

Tim Hammerquist

Message has been deleted

erik van westen

unread,
Sep 11, 2004, 8:56:05 AM9/11/04
to
Mike Cox wrote:

> mlw <m...@nospam.no> wrote in message
> news:<HRf0d.18517$D%.6595@attbi_s51>...
>> Mike Cox wrote:
>>
>> [snipped]
>>
>> So, what you are saying is that someone with physical access to a machine
>> can gain access to it?
>>
>> LOL, are you insane?
>>
>> There isn't a single PC based computer, regardless of operating system,
>> that can not be accessed if you have physical access to the machine and
>> are able to reboot it. Hell, I can put knoppix on a CD and get anything I
>> want off anything. Some PCs can boot off USB drives.
>
> Not on Windows 2000 you can't.

I've heard _that_ claim before.

> If you are running NTFS and you set
> the option to encrypt the hard drive, you won't get at the data.

I've proven to somebody that believed that claim that it is a false claim.

> The
> only way is to brute force it.

O, no you do not need to brute force. No way.

> But if you use strong passwords, that
> won't help much unless you have a lot of time.

Give me a few minutes...

<evil grin>

>
>>
>> All of this falls into the "so what" category.
>>
>> If this is a fear to you, put a boot password on the machine.

But, do not feed the trolls more...

EJ

erik van westen

unread,
Sep 11, 2004, 9:03:06 AM9/11/04
to
Mike Cox wrote:

> cmad <cma...@NOyahoo.comSPAM> wrote in message
> news:<chrdtu$6ck$1...@usenet.otenet.gr>...
>> Mike Cox wrote:
>>

>> > When this consultant showed up, my MCSEs were ready to show how much


>> > more powerful and bulletproof Windows is compared to Linux/BSD/UNIX.
>>

>> $$$$$
>>
>> > When the consultant was done with the demo, my MCSE, Scott, went up to
>> > the Linux box, and did the following:
>>
>> And he had to first get past the initial password check to do that,
>> right? But in front of him he had a box, where he had root access. Of
>> course he could do the below, and many many others.
>>

>> > linux init=/bin/sh
>> > mount -o remount -rw /
>> > mount /proc
>> > passwd
>> > mount -o remount -ro /
>> > umount /proc
>>

>> Is it just me or did he do a "skills showoff"? 5/6 of the above commands
>> needn't have been typed.
>>

>> > When Scott rebooted the machine, he typed in the new root password and
>> > was in. The consultants jaw dropped, my boss laughed, and will now
>> > trust my MCSE's judgement in all things related to IT in the company.
>>

>> If you want to run Windows, run Windows; no one is stopping you.... But
>> believing that *nix is insecure because someone with root access to it
>> changed the password is quite funny.
>

> That's not what he did. You don't understand *nix if you don't know
> that everyone of those commands is needed. The box was not logged in
> to, it had the login prompt there. Scott rebooted (ctrl alt del) the
> machine and passed a command to GRUB that booted linux into the BASH
> shell. He then mounted the /proc file system and then the /
> filesystem. He then changed the password.
>
> Every *nix machine is vulnerable to this sort of local security flaw.
> If you password protect the BIOS to prevent this, someone can just
> take out the battery out of the PC and then the BIOS password is
> reset. Someone can just take the Linux disk out, boot their own system
> and mount your disk no problem.
>
> Windows doesn't have this flaw.

O yes it does. Simply boot a knoppix cd, run the right program and you have
changed the administrator password.

> It requires the Administrator
> password before it will let you into safe mode or use the Windows 2000

> recovery CD. If you use the NTFS filesystem, you can select to


> encrypt the hard drive filesystem. That prevents someone from taking

> the disk out and trying to mount it using another OS. If you have


> encryption enabled, and mount a Windows disk on Linux, you wont be

> able to get in. I've tried it. Heck, once i've forgotten my Windows


> 2000 Admin password and was locked out forever.

Then you don't know your toolbox very well.

> But not with Linux.

But not with *any* system you have physical access to. Regardless if it runs
OpenBSD, linux, Windows (in whichever version), or any OS you can think of.

Otherwise just use a hardware keylogger. Are you sure there is no keylogger
installed inside your keyboard? They're cheap, small and very handy. <g>

> Forget you root password, and you can get a new one in about 1 minute.

> Not very secure. Not ready for the enterprise.

Are you?

>
> And a BIOS password is not a fix. Someone can just take the battery
> out of the PC and it is reset.

Or take the harddisk, and so on...

EJ

Thomas Schweikle

unread,
Sep 11, 2004, 12:25:37 PM9/11/04
to
Mike Cox wrote:

No, not exactly. He started a shell (/bin/sh) with root privileges.
This was possible, because grub/lilo wheren't properly password
protected. Both bootloaders allow for passwords if you want to give
kernel parameters. Password not known? Opps! Doesn't work.

Next he remounted the root filesystem rw, since the kernel mounted
it ro at this stage (necessary to change the password --- you can't
change something on a read only filesystem, can't you?

Mounting proc isn't realy necessary, but avoids some error messages.

Since passwd was called being root, he wasn't prompted for the old
password. Thus he was able to change it to something new.

Unmounting the mounted filesystems was necessary to make shure they
are synced and marked clean --- avoiding a lengthly file system check.

> Every *nix machine is vulnerable to this sort of local security flaw.
> If you password protect the BIOS to prevent this, someone can just
> take out the battery out of the PC and then the BIOS password is
> reset. Someone can just take the Linux disk out, boot their own system
> and mount your disk no problem.

Windows ist vulnerable to such procedure too. Just press F8, then
decide to start an "emergency console" (not shure of the name, but
this boots into a "text only Windows".

Do what ever you want.

> Windows doesn't have this flaw.

Trusting Microsoft, then you are correct.
Not trusting Microsoft, then you are correct too.

I'd say: the vulnerability is quite good known with *nix, but not
for Windows. The only difference I see.

> It requires the Administrator
> password before it will let you into safe mode or use the Windows 2000
> recovery CD. If you use the NTFS filesystem, you can select to
> encrypt the hard drive filesystem.

True for Linux also. Free-, Net-, and OpenBSD either. Also true for
AIX. The others --- I do not know.

> That prevents someone from taking
> the disk out and trying to mount it using another OS.

Securing the BIOS:
- set a password
- set boot device to your harddisk only (for newest
BIOS: switch of Fpressing F12 to be asked from what
you want to boot).
- lock the case

> If you have
> encryption enabled, and mount a Windows disk on Linux, you wont be
> able to get in. I've tried it.

Yes, that is true. But also for Linux. Mounting an encripted root
without knowing the credentials makes it impossible (or better
nearly impossible --- you might want to start a password cracker) to
recover any lost data.

> Heck, once i've forgotten my Windows
> 2000 Admin password and was locked out forever.

:-)

> But not with Linux.

> Forget you root password, and you can get a new one in about 1 minute.
> Not very secure.

You did not use an encripted filesystem, didn't you?

> Not ready for the enterprise.

Ready for enterprize. You are wrong. As I told you above.

> And a BIOS password is not a fix. Someone can just take the battery
> out of the PC and it is reset.

This depends on what hardware you are using. I own a PC where taking
out the battery only makes the hardware clock reset. The password
remains. The nvram is specified to hold written data for the next 20
years or longer. Whant to wait this long? But other PC hardware exists.

On the other hand: up the page I told you: lock the case.

--
Thomas

Thomas Schweikle

unread,
Sep 11, 2004, 12:36:07 PM9/11/04
to
Mike Cox wrote:

> mlw <m...@nospam.no> wrote in message news:<HRf0d.18517$D%.6595@attbi_s51>...
>> Mike Cox wrote:
>>
>> [snipped]
>>
>> So, what you are saying is that someone with physical access to a machine
>> can gain access to it?
>>
>> LOL, are you insane?
>>
>> There isn't a single PC based computer, regardless of operating system, that
>> can not be accessed if you have physical access to the machine and are able
>> to reboot it. Hell, I can put knoppix on a CD and get anything I want off
>> anything. Some PCs can boot off USB drives.
>

> Not on Windows 2000 you can't. If you are running NTFS and you set
> the option to encrypt the hard drive, you won't get at the data. The
> only way is to brute force it. But if you use strong passwords, that


> won't help much unless you have a lot of time.

Not really correct. Boot into an "emergency console". Good chances,
Windows mounts all volumes, even encrypted ones. Really good chances
to access the drives without being brothered by the EFS.

>> All of this falls into the "so what" category.
>>
>> If this is a fear to you, put a boot password on the machine.

--
Thomas

Thomas Schweikle

unread,
Sep 11, 2004, 12:54:25 PM9/11/04
to
Mike Cox wrote:

> General Protection Fault <gene...@braids.ertw.com> wrote in message news:<slrnck3bn7.1...@braids.ertw.com>...
>> ["Followup-To:" header set to comp.os.linux.advocacy.]


>> On 9 Sep 2004 21:00:34 -0700, Mike Cox wrote:
>> > An opensource consultant visited my workplace recently and was

>> > upstaged by my MCSEs. The consultant went over my head and made a
>> > sales call to the owner of the company who decided to see a demo of
>> > the various flavors of *nix. My boss was interested due to the
>> > consultant's claims of a lower total cost of ownership and more
>> > security.
>> >

>> > When this consultant showed up, my MCSEs were ready to show how much
>> > more powerful and bulletproof Windows is compared to Linux/BSD/UNIX.

>> > When the consultant was done with the demo, my MCSE, Scott, went up to
>> > the Linux box, and did the following:
>> >

>> > linux init=/bin/sh
>> > mount -o remount -rw /
>> > mount /proc
>> > passwd
>> > mount -o remount -ro /
>> > umount /proc
>> >

>> > When Scott rebooted the machine, he typed in the new root password and
>> > was in. The consultants jaw dropped, my boss laughed, and will now
>> > trust my MCSE's judgement in all things related to IT in the company.
>>

>> Any machine is insecure if you have physical access to it.
>>
>> I can remove a hard drive from a "secure" NT machine and mount it in my own
>> box and read everything.


>
> Not really. If that hard drive you mount was using NTFS with the
> encryption option enabled, mounting that hard drive on another system
> won't give you access to that data because the encryption keys are
> different.
>

> Linux's/BSD's/Unix's flaw is that it allows people to boot from the

> boat loader into a shell without requiring the root password. Windows
> 2000 doesn't allow that. You need the Admin password in order to get


> the machine in safe mode or to use the Windows 2000 to do a system
> recovery. I know because I've done it and tested it.

Really? I am sure, it doesn't ask for a password if booting into the
"rescue console".

--
Thomas

Mike Cox

unread,
Sep 11, 2004, 4:52:03 PM9/11/04
to
Peter Köhlmann <Peter.K...@t-online.de> wrote in message news:<cht7kk$mbu$02$1...@news.t-online.com>...

> begin PastaVerde wrote:
>
> > On Fri, 10 Sep 2004 06:55:46 +0100, Martin <nos...@example.org> wrote:
> >
> >>Mike Cox wrote:
> >>
> >>> When Scott rebooted the machine, he typed in the new root password and
> >>> was in.
> >>
> >>Given physical access, anyone even vaguely competent can get root on any
> >>Windows or Unix machine (or can just read the disk content by booting from
> >>floppy or CD).
> >
> > True unless the file system is NTFS and the user encrypted the files
> > (it's just a checkbox to set on a property page). BTW, the NTFS clones
> > on non NT platforms currently do not support encryption.
> >
>
> It is just a checkbox on linux systems as well.
>

Where? I don't see any check boxes on Linux! I have SuSE 8.1 and I
have yet to see it.

Jesse F. Hughes

unread,
Sep 11, 2004, 4:52:05 PM9/11/04
to
erik van westen <er...@geenspam.vanwesten.net> writes:

>> Not on Windows 2000 you can't.
>
> I've heard _that_ claim before.
>
>> If you are running NTFS and you set
>> the option to encrypt the hard drive, you won't get at the data.
>
> I've proven to somebody that believed that claim that it is a false claim.
>
>> The
>> only way is to brute force it.
>
> O, no you do not need to brute force. No way.
>
>> But if you use strong passwords, that
>> won't help much unless you have a lot of time.
>
> Give me a few minutes...

Why be so oblique? If you know how to do so, just say how.

--
Jesse Hughes
"Such behaviour is exclusively confined to functions invented by
mathematicians for the sake of causing trouble."
-Albert Eagle's _A Practical Treatise on Fourier's Theorem_

Mike Cox

unread,
Sep 11, 2004, 5:02:24 PM9/11/04
to
Sky-Knight <skyk...@cableaz.com> wrote in message news:<mh36k0lrlh1kuoh7k...@4ax.com>...
> On 10 Sep 2004 11:38:39 -0700, mikeco...@yahoo.com (Mike Cox)

> wrote:
>
> >General Protection Fault <gene...@braids.ertw.com> wrote in message news:<slrnck3bn7.1...@braids.ertw.com>...
> >> ["Followup-To:" header set to comp.os.linux.advocacy.]
> >> On 9 Sep 2004 21:00:34 -0700, Mike Cox wrote:
> >> > An opensource consultant visited my workplace recently and was
> >> > upstaged by my MCSEs. The consultant went over my head and made a
> >> > sales call to the owner of the company who decided to see a demo of
> >> > the various flavors of *nix. My boss was interested due to the
> >> > consultant's claims of a lower total cost of ownership and more
> >> > security.
> >> >
> >> > When this consultant showed up, my MCSEs were ready to show how much
> >> > more powerful and bulletproof Windows is compared to Linux/BSD/UNIX.
> >> > When the consultant was done with the demo, my MCSE, Scott, went up to
> >> > the Linux box, and did the following:
> >> >
> >> > linux init=/bin/sh
> >> > mount -o remount -rw /
> >> > mount /proc
> >> > passwd
> >> > mount -o remount -ro /
> >> > umount /proc
> >> >
> >> > When Scott rebooted the machine, he typed in the new root password and
> >> > was in. The consultants jaw dropped, my boss laughed, and will now
> >> > trust my MCSE's judgement in all things related to IT in the company.
> >>
> >> Any machine is insecure if you have physical access to it.
> >>
> >> I can remove a hard drive from a "secure" NT machine and mount it in my own
> >> box and read everything.
> >
> >Not really. If that hard drive you mount was using NTFS with the
> >encryption option enabled, mounting that hard drive on another system
> >won't give you access to that data because the encryption keys are
> >different.
> >
> >Linux's/BSD's/Unix's flaw is that it allows people to boot from the
> >boat loader into a shell without requiring the root password. Windows
> >2000 doesn't allow that. You need the Admin password in order to get
> >the machine in safe mode or to use the Windows 2000 to do a system
> >recovery. I know because I've done it and tested it.
>
> Ok guys this thread needs to end. Mike, case and point not to mention
> shutdown of your argument.
>
> Point 1: You CANNOT set the encryption option on the boot partition of
> windows. You can't set the compression option either. Guess what,
> unless you take that drive out and stick it in another PC, your
> "secure" windows won't be able to set the option on all the open OS
> files. And, if you did manage to set it with another PC, THAT pc will
> have the certificate to decrypt the files and your real server's OS
> wouldn't.
>
> Point 2: The encryption engine that controls all this requires certain
> components of windows to be running before the decryption process can
> begin. I'm not talking simple NTFS support here. The boot loader
> would have no way of reading that encrypted ntoskrnl.exe.
>
> Point 3: http://home.eunet.no/~pnordahl/ntpasswd/ here is a Linux boot
> cd that allows you to boot, mount any ntfs partition, load the SAM.
> Make changes and reboot. Guess what I just removed your administrator
> password on your secure box. Because the SAM is one of those files
> that you wouldn't be able to encrypt in the first place. And when I
> reboot that admin account is going to have the encryption keys to get
> ALL your data.

This is where you are wrong. If you set the encryption option in
NTFS, YOU WILL NOT GET THE DATA EVEN IF you modify the SAM file. That
is because the data was encrypted using the old admin password as the
key. Browsing that site confirmed it. Here is the direct quote from
the site you gave me:

"Why can't I access my encrypted (EFS) files after resetting the
password?

* Because in XP and possibly later service packs in win2k the
password itself is used to encrypt the keys needed for EFS.
* Sorry, there is no way to recover the files once the password
has been reset. "

http://home.eunet.no/~pnordahl/ntpasswd/

> Thank the failure of an OS that works on a file by file basis, not
> directories. The directory might be encrypted but the individual file
> is not and guess what. I can see those files just fine. If you're
> going to troll.

I'm not trolling. I use Linux in my spare time. I just don't see it
ready for the enterprise. Not to mention that I just proved your
previous point wrong that you cannot get an encrypted NTFS file. I
would gladly be happy if someone WROTE how to secure a Linux box so
this cannot happen, but no one seems to know.

>Go somewhere where someone isn't around that actually
> knows how windows works. Now go deal with the simple truth that no OS
> is secure at the console by design. This is so we can recover things
> when we humans forget passwords. This isn't a question of security.
> It is a question of sanity.

Since I proved you wrong, you actually don't know how Windows works.
Windows IS secure at the console. Sometimes data is valuable that you
don't want someone to be able to get into your machine even if they
are at the console. Windows is the solution for that type of
situation.

GreyCloud

unread,
Sep 11, 2004, 5:42:02 PM9/11/04
to

Mike Cox wrote:

And most enterprises that are critical don't see M$ windows as ready
either. Someday maybe in about 100 years or so, but not now.
No security in windows.

> Not to mention that I just proved your
> previous point wrong that you cannot get an encrypted NTFS file. I
> would gladly be happy if someone WROTE how to secure a Linux box so
> this cannot happen, but no one seems to know.
>

Simple... you lock up the room with the computer on the inside.

You want B level security then that's how its done... you want A level
security, you hire armed guards.


>
>>Go somewhere where someone isn't around that actually
>>knows how windows works. Now go deal with the simple truth that no OS
>>is secure at the console by design. This is so we can recover things
>>when we humans forget passwords. This isn't a question of security.
>>It is a question of sanity.
>
>
> Since I proved you wrong, you actually don't know how Windows works.
> Windows IS secure at the console.

Don't kid yourself. Windows is not secure. It has the worst track
record of any o/s in history.

> Sometimes data is valuable that you
> don't want someone to be able to get into your machine even if they
> are at the console. Windows is the solution for that type of
> situation.

Guffaw!! Yet the gov.cert tells people not to use IE or OE because of a
major security problem if you surf some bank web sites and you get a
worm that will steal all of your account numbers. Yep... all FOOBAR.

Philip Callan

unread,
Sep 11, 2004, 5:54:30 PM9/11/04
to

Upon partitioning the system, at install, you can select the 'more
options' field, and in the same place it allows you to choose filesystem
type there is a checkbox for 'encrypted filesystem'

Thomas Schweikle

unread,
Sep 11, 2004, 5:48:11 PM9/11/04
to
Mike Cox wrote:

[...]

This is correct. Reseting the password makes these Volumes
inaccessible. But why brother? Access to SAM makes passwords
crackable. Have some time, copy the SAM, crack the passwords, return
with the ones found. Log in. And you are done. With encripted files
it is the same, even simpler: copy them. You do not have to return
to this PC in any way. Only the password is needed to access them.

>> Thank the failure of an OS that works on a file by file basis, not
>> directories. The directory might be encrypted but the individual file
>> is not and guess what. I can see those files just fine. If you're
>> going to troll.
>
> I'm not trolling. I use Linux in my spare time. I just don't see it
> ready for the enterprise. Not to mention that I just proved your
> previous point wrong that you cannot get an encrypted NTFS file. I
> would gladly be happy if someone WROTE how to secure a Linux box so
> this cannot happen, but no one seems to know.

Not compleatly correct. This might be true for Linux too. You can
bind encrypted file systems on users passwords. Thus, if he looses
them ...! But you are not bound to do so. Windows on the other hand
binds you. Resetting the password renders files inaccessible. Linux
does so too. Loosing password for encrypted file systems renders
them inaccessible.

Linux/FreeBSD both go one step further (if you want) you'll have to
enter the key every time you mount the file system. Maybe several
different keys for several different file systems. You can't have a
setup like this with Windows. Just impossible.

This setup isn't useful on a server at all --- who wants to run
downstairs to the server, just to enter a key to make the reboot finish?

Please make sure you understand how Linux/FreeBSD encrypted FS work.
At the moment I would say you do not.

>>Go somewhere where someone isn't around that actually
>> knows how windows works. Now go deal with the simple truth that no OS
>> is secure at the console by design. This is so we can recover things
>> when we humans forget passwords. This isn't a question of security.
>> It is a question of sanity.
>
> Since I proved you wrong, you actually don't know how Windows works.
> Windows IS secure at the console. Sometimes data is valuable that you
> don't want someone to be able to get into your machine even if they
> are at the console. Windows is the solution for that type of
> situation.

No. It is not. Except you put the system into a save. Windows NT was
once certified for C1 security. All newer Windows versions are not.

--
Thomas

Dariusz Kuliński / TaKeDa

unread,
Sep 11, 2004, 7:13:00 PM9/11/04
to
On Sat, 11 Sep 2004 18:54:25 +0200, Thomas Schweikle wrote:

>> Not really. If that hard drive you mount was using NTFS with the
>> encryption option enabled, mounting that hard drive on another system
>> won't give you access to that data because the encryption keys are
>> different.
>>
>> Linux's/BSD's/Unix's flaw is that it allows people to boot from the
>> boat loader into a shell without requiring the root password. Windows
>> 2000 doesn't allow that. You need the Admin password in order to get
>> the machine in safe mode or to use the Windows 2000 to do a system
>> recovery. I know because I've done it and tested it.
>
> Really? I am sure, it doesn't ask for a password if booting into the
> "rescue console".

2000 doesn't, XP does, but when booting from 2000 CD it won't ask =)

FUT: comp.os.linux.advocacy
--
tak...@IRCnet.EFnet, ICQ# 15827691, TLEN: taked4
EMAIL: 5570...@NOsneakemailSPAM.com
(remove CAPITAL letters from email if you want to contact me)
*http://eggwiki.takeda.tk - pomoc w używaniu botów po polsku*

Charles

unread,
Sep 11, 2004, 8:23:10 PM9/11/04
to
Em 10 Sep 2004 11:38:39 -0700, Mike Cox <mikeco...@yahoo.com> escreveu:

> Linux's/BSD's/Unix's flaw is that it allows people to boot from the
> boat loader into a shell without requiring the root password.

I don't call it unsecurity. I call it conveniency.

--
Charles.

"Did you have your Win dose today?"

Dariusz Kuliński / TaKeDa

unread,
Sep 11, 2004, 9:43:12 PM9/11/04
to
On Sat, 11 Sep 2004 22:52:05 +0200, Jesse F. Hughes wrote:

>> Give me a few minutes...
> Why be so oblique? If you know how to do so, just say how.

You get hashes from SAM file, start L0phtCrack (very hard passwords can
take 24 hours max). Most password you can get from few seconds to one hour.

Dariusz Kuliński / TaKeDa

unread,
Sep 11, 2004, 9:43:13 PM9/11/04
to
On Sat, 11 Sep 2004 23:48:11 +0200, Thomas Schweikle wrote:

> This is correct. Reseting the password makes these Volumes
> inaccessible. But why brother? Access to SAM makes passwords
> crackable. Have some time, copy the SAM, crack the passwords, return
> with the ones found. Log in. And you are done. With encripted files
> it is the same, even simpler: copy them. You do not have to return
> to this PC in any way. Only the password is needed to access them.

I just want to add, that because windows generates separate hashes for
every 8 password characters, and for each part it stores two hashes (one
that stores hash of password in uppercase) It doesn't take much time to
crack them, it appears to be about 24 hours using L0phtCrack.

The Ghost In The Machine

unread,
Sep 13, 2004, 10:38:07 AM9/13/04
to
In comp.os.linux.advocacy, Hamilcar Barca
<hami...@tld.always.invalid>
wrote
on Thu, 09 Sep 2004 23:25:43 -0600
<20040910012529.204$2...@news.newsreader.com>:
> In article <3d6111f1.04090...@posting.google.com> (Thu, 09 Sep

> 2004 21:00:34 -0700), Mike Cox wrote:
>
>> When Scott rebooted the machine, he typed in the new root password and
>> was in. The consultants jaw dropped, my boss laughed, and will now
>> trust my MCSE's judgement in all things related to IT in the company.
>
> Your story is surprisingly uninteresting and, to top it off, amazingly
> fictitious.
>

I doubt it's fictitious in the sense that one can easily do the above.
It's mostly a matter of compromising physical security with
something along the lines of a Knoppix disc -- pop it in,
mount, edit, and presto ... the machine's 0wn3d.

However, there are a number of defenses, some of them rather simple.

[1] BIOS password. It takes a bit of work to get around that,
although it's not all that strong as a defense, if one
has a screwdriver handy.

[2] LILO/GRUB password. Not quite as general as [1], but that
screwdriver won't help, either; the best one can do is
some judicious disk sector editing -- and that of
course requires root access.

[3] Encrypted volumes. If one's serious about security one should
at least consider these. Thankfully, Linux supports these
without too much hassle -- although I'd have to look up
the details.

[4] BIOS bootorder. You can forget about booting that Knoppix disk
if this is done right. (You can forgot about booting the machine
at all if done wrong, of course. :-) )

[5] UML/virtual machines. This rather esoteric variant
would work reasonably well; the idea is that the
overlayer (the native Linux kernel) would have no idea
as to what the underlayer (the emulated machine) is
doing; all the overlayer sees is a "linux" executable
running, disk I/O (which goes through the overlayer's
file system, like any good app), and the virtual packet
(TAP/TUN) network traffic. The underlayer could
combine this with SSL and encrypted volumes, plus an
image backup. There is a price to pay, admittedly
-- a small performance penalty for single processor
machines, an unknown performance penalty for multiple
processor machines, mostly because I don't know if
the underlayer threads can use overlayer processor
resources.

[6] Linux BIOS. This interesting variant basically loads the
kernel on the BIOS chip -- and is reminiscent of good old
Amiga Kickstart from days gone by, albeit with a more
sophisticated operating system (though not much more
sophisticated; the main failing of the Amiga Exec was that
its scheduler didn't have dynamic priority adjustment
or virtual memory management -- and the latter was added
by add-on products, although the results were of questionable
reliability, mostly because each app had to be registered
with the software, for some reason).

[7] Diskless CD-boot. A system image is placed on CD
or DVD, and sufficient RAM is on the system so that
no swap is needed for the application. The temporary
file system is stored on a ramdisk. Such a machine
might be compromisable but a reboot would usually
"fix" the compromisation (although some of the more
sophisticated viruses might hide in a secretive RAM
spot during the reboot!) and no damage could be
done to the machine itself, although depending on the
application (which presumably transmits requests to
a back end), things could get slightly muddled elsewhere.

An alternative is some sort of PXE or PXE-like boot
capability, using GRUB and a central file server.
Since this requires the network there's a possibility
of jamming or hijacking, though -- although with modern
switches this appears far less likely than with the
old hubs, at first blush. (It may depend on the switch.)

[8] Self-firewalling. This weird capability basically means that
a box can't talk to itself, and might be next to useless
unless combined with [5]. There are also possibilities
such as transparent NAT, blacklists, and whitelists -- all
done with iptables. Such a box would do as a firewall,
though more specialized hardware is presumably out there
by now.

I'll admit to some curiosity as to what Windows has that can
compete with these, although it is possible for Windows
to run Linux (www.colinux.org or .com; I forget which), run
virtual machines (using VMWare), and support encrypted volumes.
There is also an Embedded XP variant, which suggests [7].

And of course Windows touts a firewall. (How good it is, I
can't say. A firewall won't be much of a defense against,
say, the old Anna K. virus, if someone's stupid enough to
open it.)

--
#191, ewi...@earthlink.net
It's still legal to go .sigless.

The Ghost In The Machine

unread,
Sep 13, 2004, 10:38:09 AM9/13/04
to
In comp.os.linux.advocacy, Mike Cox
<mikeco...@yahoo.com>
wrote
on 10 Sep 2004 11:18:44 -0700
<3d6111f1.04091...@posting.google.com>:

> cmad <cma...@NOyahoo.comSPAM> wrote in message news:<chrdtu$6ck$1...@usenet.otenet.gr>...
>> Mike Cox wrote:
>>
>> > When this consultant showed up, my MCSEs were ready to show how much
>> > more powerful and bulletproof Windows is compared to Linux/BSD/UNIX.
>>
>> $$$$$

>>
>> > When the consultant was done with the demo, my MCSE, Scott, went up to
>> > the Linux box, and did the following:
>>
>> And he had to first get past the initial password check to do that,
>> right? But in front of him he had a box, where he had root access. Of
>> course he could do the below, and many many others.
>>
>> > linux init=/bin/sh
>> > mount -o remount -rw /
>> > mount /proc
>> > passwd
>> > mount -o remount -ro /
>> > umount /proc
>>
>> Is it just me or did he do a "skills showoff"? 5/6 of the above commands
>> needn't have been typed.
>>
>> > When Scott rebooted the machine, he typed in the new root password and
>> > was in. The consultants jaw dropped, my boss laughed, and will now
>> > trust my MCSE's judgement in all things related to IT in the company.
>>
>> If you want to run Windows, run Windows; no one is stopping you.... But
>> believing that *nix is insecure because someone with root access to it
>> changed the password is quite funny.
>
> That's not what he did. You don't understand *nix if you don't know
> that everyone of those commands is needed.

[1] Get Knoppix disk, or equivalent.
[2] Shutdown, insert disk, reboot, and log in. Note that you're
logging into the *Knoppix* disk here.
[3] mkdir /tmp/mount; mount /dev/hdxy /tmp/mount
[4] chroot /tmp/mount /bin/bash
[5] passwd.
[6] Exit shell, umount /tmp/mount.
[7] Reboot, removing Knoppix disk as the BIOS starts up.
[8] You're in.

Should work on a large majority of boxes if their BIOS isn't set right.

Your method would also work, of course.

> The box was not logged in
> to, it had the login prompt there. Scott rebooted (ctrl alt del) the
> machine and passed a command to GRUB that booted linux into the BASH
> shell. He then mounted the /proc file system and then the /
> filesystem. He then changed the password.
>

> Every *nix machine is vulnerable to this sort of local security flaw.
> If you password protect the BIOS to prevent this, someone can just
> take out the battery out of the PC and then the BIOS password is
> reset. Someone can just take the Linux disk out, boot their own system
> and mount your disk no problem.
>

> Windows doesn't have this flaw. It requires the Administrator


> password before it will let you into safe mode or use the Windows 2000
> recovery CD. If you use the NTFS filesystem, you can select to

> encrypt the hard drive filesystem. That prevents someone from taking
> the disk out and trying to mount it using another OS. If you have


> encryption enabled, and mount a Windows disk on Linux, you wont be

> able to get in. I've tried it. Heck, once i've forgotten my Windows
> 2000 Admin password and was locked out forever. But not with Linux.

> Forget you root password, and you can get a new one in about 1 minute.

> Not very secure. Not ready for the enterprise.


>
> And a BIOS password is not a fix. Someone can just take the battery
> out of the PC and it is reset.

Why, I do believe you're right. This means, of course, that
Windows security is far superior to Linux's, as the viruses
wandering into a Linux system are well aware...

:-P

So tell me again which system's more secure from a remote
attacker's standpoint? Never mind the local; one could
shut down the machine, unbolt the hard disk, and walk away
with it concealed underneath his coat. (And probably not
find anything useful if it's encrypted, but never mind that;
both systems have that option.)

The Ghost In The Machine

unread,
Sep 13, 2004, 10:38:10 AM9/13/04
to
In comp.os.linux.advocacy, Peter Köhlmann
<Peter.K...@t-online.de>
wrote
on Fri, 10 Sep 2004 23:56:32 +0200
<cht7o3$mbu$02$2...@news.t-online.com>:
> begin PastaVerde wrote:
>
>> On Fri, 10 Sep 2004 20:30:35 GMT, Rapskat <rap...@mailblocks.com>
>> wrote:
>>
>>>Second, you can configure the bootloader so that this little trick isn't
>>>possible.
>>
>> If it comes like this by default, there is a 99.9% chance that it will
>> stay like this on most systems, which are then completely vulnerable.
>
> You may feel free now to support your claim that more than 99.9% of NTFS
> file systems are encrypted
> Because if they are not, anyone can do everything he wishes with them

If there is a default encryption, it's like the SYSTEM/MANAGER
password combo that was prevalent on pre-v4.0 VAX machines.
Anyone would use the default combo as a first guess.

And I have my doubts there is one -- although knowing Microsoft
they'll think about it and do so as a marketing gimmick. :-)

The Ghost In The Machine

unread,
Sep 13, 2004, 10:38:12 AM9/13/04
to
In comp.os.linux.advocacy, Philip Callan
<call...@shaw.ca>
wrote
on Sat, 11 Sep 2004 21:54:30 GMT
<quK0d.394847$gE.139209@pd7tw3no>:

I'm not sure it's a checkbox (except perhaps as a kernel
build), but there is a cryptoloop option. Presumably,
this is a device that behaves much like the loop device,
only it has an encryption method built in, presumably with
a password specified at mount time.

I've not tried it, but it's typical of Unix philosophy: a
specialist that can be hooked into the system.

The Ghost In The Machine

unread,
Sep 13, 2004, 10:38:13 AM9/13/04
to
In comp.os.linux.advocacy, Donn Miller
<dmmi...@cvzoom.net>
wrote
on Fri, 10 Sep 2004 03:35:37 -0400
<2qd3qbF...@uni-berlin.de>:

> Mike Cox wrote:
>> An opensource consultant visited my workplace recently and was
>> upstaged by my MCSEs.
>
> LOL! This is some of the funniest stuff I've seen in here. Of course
> Cox has been trolling OpenBSD, saying it can't be secure because it
> doesn't have ASP.NET.

ObHuh: Huh?!

Oh sure, like that makes *any* sense. Might as well complain that
Windows isn't useful because it doesn't have Java. (J++ doesn't
count; it's too old. :-) )

It's funny stuff, all right. I'm not sure if it's humorous, though. :-)
(Certainly not intentionally!)

However, AFAIK any consultant worth his salt would require that
the unit be properly secured anyway, so that people can't stick
a floppy or Knoppix disk in its face, reboot, and proceed to
compromise the machine. (If those fail, of course, one can
then whip out the trusty screwdriver and short out something on
the mobo to disable the BIOS password. Or something. I can't
say I've tried it and I'd rather not, thank you. :-) )

But assuming one can't open the case (or pull the plug), one might
be able to stick floppies into its face and CD-ROMS as well,
without too much worry; Linux can disable CTRL-ALT-DEL (in fact,
it has to be *enabled* in order for it to work on Linux [most
distros enable it by default]; the relevant line is

ca:12345:ctrlaltdel:/sbin/shutdown -r now

in /etc/inittab on my box; comment it out, and the three-fingered
salute simply won't work. Or one can modify it to one's
taste, though I'm not sure how useful that is, really, beyond
saying nasty things to the would-be hacker such as "Nice try,
suckah. Did you want me to phone Security or something?" ;-)
But there's probably a use; in any event, the default usage
allows for a clean shutdown, if the kernel/box is still sane.)

And of course only those properly authorized can mount
floppies or CDs. Admittedly, I'm not sure how one sets
up group ownership of a floppy or CD-ROM physical device
with the new devfs or udfs (?) filesystems, but there's
probably a config file somewhere. If one's in the group,
no problem; otherwise, sorry Charlie.

Not that Windows doesn't have these capabilities -- it
most probably does -- but Linux most certainly has them.

The Ghost In The Machine

unread,
Sep 13, 2004, 10:38:15 AM9/13/04
to
In comp.os.linux.advocacy, Liam Slider
<li...@NOSPAM.liamslider.com>
wrote
on 10 Sep 2004 14:10:58 GMT
<pan.2004.10.09....@NOSPAM.liamslider.com>:
> On Fri, 10 Sep 2004 04:57:04 -0400, Hacking Coff wrote:
>
>> MCSE Lesson #1 - How to show that *nix is less secure than Windows.
>>
>> MCSE Lesson #2 - How to show that *nix costs more than Windows.
>>
>> MCSE Lesson #3 - How to troll COLA.
>>
>> I think that about covers the MCSE course load.
>
>
> You forgot...
>
> MCSE Lesson #4 - How to reinstall Windows in order to solve every single
> Windows problem.

Hmph. What's so hard about that? :-)

[1] Take dual-boot capable box.
[2] Boot Knoppix disk.
[3] dd if=/dev/hda1 of=somewhere
[4] If Linux fouls itself, simply reverse [3].

(Of course, this assumes the box hasn't been invaded yet.)

The Ghost In The Machine

unread,
Sep 13, 2004, 10:38:16 AM9/13/04
to
In comp.os.linux.advocacy, Dariusz Kuliński / TaKeDa
<spam_go...@takeda.tk>
wrote
on Sat, 11 Sep 2004 18:43:12 -0700
<tcd7h9h0um25$.d...@stupidworms.takeda.tk>:

> On Sat, 11 Sep 2004 22:52:05 +0200, Jesse F. Hughes wrote:
>
>>> Give me a few minutes...
>> Why be so oblique? If you know how to do so, just say how.
>
> You get hashes from SAM file, start L0phtCrack (very hard passwords can
> take 24 hours max). Most password you can get from few seconds to one hour.
>

24 hours max?! Ye gods... at least the 40-bit encryption
scheme used by Netscape at one point took a week to crack
using a server farm.

It's better than nothing, but one might as well use papier mache
for a safe vault. :-)

The Ghost In The Machine

unread,
Sep 13, 2004, 10:38:17 AM9/13/04
to
In comp.os.linux.advocacy, Ben O'Brien
<fto...@hotmail.com>
wrote
on Fri, 10 Sep 2004 23:08:03 +1000
<4141a726$0$22794$5a62...@per-qv1-newsreader-01.iinet.net.au>:
> Mike Cox wrote:
> <some bullshit>
>
> Mike Cox eh? Sure that isn't spelled Rosoft?

I think it's spelled "STUPID FUD". :-P I'll give him credit
for getting the actual commands (though not the sequence)
more or less right, but that's about it.

It is loading more messages.
0 new messages