<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">I just told you that I don’t know how to do it in Linux. But that it should be possible. That’s all I can help you with.<div><br></div><div><div><div>On Feb 27, 2014, at 11:21 PM, paul g <<a href="mailto:pj.world@hotmail.com">pj.world@hotmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div class="hmmessage" style="font-size: 12pt; font-family: Calibri; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><div dir="ltr">Ryan please could you please consider the GNU/Linux users out there who are struggling to secure their computers from the outside in also.<span class="Apple-converted-space"> </span><br><br>Please take point to talk a bit about the 'PCI compliance options and features available' and the like also if I can ask could you please discuss about 'how to update bios under GNU/Linux - instead of an hp windows update package.'<br><br>Do you have some experience with writing Bios type programs?<span class="Apple-converted-space"> </span><br><br>I am sorry to be a bother.<br><br><br>Thank you for your time<br><br><div><hr id="stopSpelling">From: <a href="mailto:ryanjcole@me.com">ryanjcole@me.com</a><br>Date: Thu, 27 Feb 2014 23:07:57 -0600<br>To: <a href="mailto:tclug-list@mn-linux.org">tclug-list@mn-linux.org</a><br>Subject: Re: [tclug-list] Do strong root passwords prevent alternative access?<br><br>No, not very likely. <div><br></div><div>I know in Windows and Mac OS X how to encrypt hard drives but those, in my experience, require user intervention to decrypt to boot up. I’m sorry I cannot be of much further help on the subject.</div><div><br></div><div>My previous job (from which I was recently let go) required PCI compliance and that meant, in my case, an encrypted hard drive. I have two passwords on my Mac to enter. The HDD password (22 characters) followed by my OS user password (11 characters).</div><div><br></div><div><blockquote>I am sorry to double post. Would it be wise to shut down the bios level boot drives what other measures could a limited knowledge user take in act at that point? What if the bios has no set password feature? is their a 'RAM' level feature one can burn into the systems single disk before even MBR or any other bootloader gets it? Is there a way to implement Bios password login without the Bios supporting password accessibility? </blockquote></div><div>There must be a PCI compliance feature built into your OS. I just wouldn’t know where to direct you.</div><div><br></div><div><br><div><div>On Feb 27, 2014, at 10:45 PM, paul g <<a href="mailto:pj.world@hotmail.com">pj.world@hotmail.com</a>> wrote:</div><br class="ecxApple-interchange-newline"><blockquote><div class="ecxhmmessage" style="font-size: 12pt; font-family: Calibri; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><div dir="ltr">What can someone with limited experience do to prevent or postpone even a bit a situation where their root password is useless beyond unplugging the machine for the wall? If the Machine supports a bios password can that help in ones defense mechanism?<span class="ecxApple-converted-space"> </span><br><br>Thank you,<br><br><div><hr id="ecxstopSpelling">From:<span class="Apple-converted-space"> </span><a href="mailto:ryanjcole@me.com">ryanjcole@me.com</a><br>Date: Thu, 27 Feb 2014 22:37:28 -0600<br>To:<span class="Apple-converted-space"> </span><a href="mailto:tclug-list@mn-linux.org">tclug-list@mn-linux.org</a><br>Subject: Re: [tclug-list] Do strong root passwords prevent alternative access?<br><br>No. Nien. Nada. Zilch. Nunca. Bubkis.<div><br></div><div>Encrypted hard disks/drives/images are encrypted through and through. A root password is defenseless against a boot image - I can (and have, mind you, many times) take over a system using just a bootable CD or USB. I even reverse-engineered part of a vendor’s platform to show them exactly how prone to attack their hardware was.</div><div><br></div><div><br></div><div><br><div><div>On Feb 27, 2014, at 10:34 PM, paul g <<a href="mailto:pj.world@hotmail.com">pj.world@hotmail.com</a>> wrote:</div><br class="ecxApple-interchange-newline"><blockquote><div class="ecxhmmessage" style="font-size: 12pt; font-family: Calibri; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><div dir="ltr">A simple question: Do strong passwords on a unencrypted harddisk 'root or sudo users' prevent really any sense of security if one chooses to boot into the system using a,an 'prefabbed .iso' or run a program that could search for a plain text password such as 'plain text'. Would the kernel version matter for security reasons in this event?<br><br>Thank you,<span class="ecxApple-converted-space"> </span><br><br><br></div>_______________________________________________<br>TCLUG Mailing List - Minneapolis/St. Paul, Minnesota<br><a href="mailto:tclug-list@mn-linux.org">tclug-list@mn-linux.org</a><br><a href="http://mailman.mn-linux.org/mailman/listinfo/tclug-list" target="_blank">http://mailman.mn-linux.org/mailman/listinfo/tclug-list</a></div></blockquote></div><br></div><br>_______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota<span class="ecxApple-converted-space"> </span><a href="mailto:tclug-list@mn-linux.org">tclug-list@mn-linux.org</a><a href="http://mailman.mn-linux.org/mailman/listinfo/tclug-list" target="_blank">http://mailman.mn-linux.org/mailman/listinfo/tclug-list</a></div></div>_______________________________________________<br>TCLUG Mailing List - Minneapolis/St. Paul, Minnesota<br><a href="mailto:tclug-list@mn-linux.org">tclug-list@mn-linux.org</a><br><a href="http://mailman.mn-linux.org/mailman/listinfo/tclug-list" target="_blank">http://mailman.mn-linux.org/mailman/listinfo/tclug-list</a></div></blockquote></div><br></div><br>_______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota <a href="mailto:tclug-list@mn-linux.org">tclug-list@mn-linux.org</a> <a href="http://mailman.mn-linux.org/mailman/listinfo/tclug-list">http://mailman.mn-linux.org/mailman/listinfo/tclug-list</a></div></div>_______________________________________________<br>TCLUG Mailing List - Minneapolis/St. Paul, Minnesota<br><a href="mailto:tclug-list@mn-linux.org">tclug-list@mn-linux.org</a><br><a href="http://mailman.mn-linux.org/mailman/listinfo/tclug-list">http://mailman.mn-linux.org/mailman/listinfo/tclug-list</a></div></blockquote></div><br></div></body></html>