<html><head></head><body><div>True Story</div><div><br></div><div>Give an untrusted person physical access to a machine and you're pwned.</div><div><br></div><div>That's been the story for decades. Modern enhancements make it more difficult but all bets are off when a bad person has physical access to the hardware. </div><div><br></div><div>Even if they don't actually obtain access to the unencrypted data on the hardware, your recovery is only as good to when you last had a good backup if you end up with missing hardware.</div><div><br></div><div>Misconfigure the VM or the container or access to your platform and physical access to the hardware takes on a new meaning.</div><div><br></div><div>If I can create a container on your hardware, I may have physical access to your hardware.</div><div>See <a href="https://blog.jessfraz.com/post/docker-containers-on-the-desktop/">https://blog.jessfraz.com/post/docker-containers-on-the-desktop/</a></div><div>Specifically look at #7 Gparted</div><div><br></div><div>Modern technologies have opened new vectors and closed old vectors for pwning your stuff.</div><div><br></div><div>Stay vigilant.</div><div><br></div><div><br></div><div>On Wed, 2017-09-13 at 12:10 -0500, Clug wrote:</div><blockquote type="cite"><pre>The thing is, if someone has physical access to your machine, they've
pretty much bypassed 99% of any security measures you have. This is not
new and not unknown; most people simply ignore that because who's going to
go into your house with a USB stick just to boot your computer?
That said, there are many ways to block this. You can have a boot password
right in the BIOS. Then nobody can boot your machine. You can also block
booting from CD or USB in the BIOS and put a password on the BIOS setup.
Course, that means someone can just steal your harddrive and plug that
into another computer. This is where full-disk ecryption comes in.
If that's too much for you, most Linux distros will let you encrypt your
homedir.
On Wed, 13 Sep 2017, Rick Engebretson wrote:
<blockquote type="cite">
As I play around backing up, upgrading, and what-not, I use
not-so-hotswappable hard disk drives. Sometimes I goof up and have a bad
/etc/fstab file and the system will hang at boot. In older distros there were
some instructions to boot to root and use "mc" to edit /etc/fstab. This newer
opensuse distro had me stumped how to just get the filesystem going.
So I tried the Fedora Live DVD and booted to DVD, mounted the boot hard drive
in KDE "dolphin" file manager, opened the KDE editor "kwrite," edited and
saved the system file /etc/fstab, and rebooted the opensuse hard drive smooth
as silk.
I might be wrong, but these Linux Live DVDs seem to open a giant security
hole.
_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
<a href="mailto:tclug-list@mn-linux.org">tclug-list@mn-linux.org</a>
<a href="http://mailman.mn-linux.org/mailman/listinfo/tclug-list">http://mailman.mn-linux.org/mailman/listinfo/tclug-list</a>
</blockquote>
_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
<a href="mailto:tclug-list@mn-linux.org">tclug-list@mn-linux.org</a>
<a href="http://mailman.mn-linux.org/mailman/listinfo/tclug-list">http://mailman.mn-linux.org/mailman/listinfo/tclug-list</a>
</pre></blockquote></body></html>