Mailing List Archive

RE: Securing Laptop with Gentoo
> He wanted to show me that he can access /etc/shadow with my user but
> of course he couldn't :)

Correct me if I am wrong but a "User" should not be able to access
shadow anyway - only root can...

So by him thinking that any user can access /etc/shadow - this would
suggest to me that he doesn't have a clue..

Which in my mind indicates that you're gonna do all this effort to keep
him out but is it really worth it if it seems he doesn't even know the
second thing about Linux ??? The first thing in his case being that
there is such a thing as a shadow file... ;)

--
gentoo-security@gentoo.org mailing list
Re: Securing Laptop with Gentoo
Drew Kirkpatrick wrote:
> In case someone hasn't mentioned it yet, has he ever had access to
> this laptop before by any chance? He may have already compromised it.
> You might want to verify that it's clean now. It would make for a real
> short contest if he already has a rootkit on there :)

Another potential risk is that he's been or is planning on
shoulder-surfing to pick up appropriate passwords. I know that's been a
highly successful low-tech attack vector, in keeping with the "chats"
discussion several posts ago.

The biggest threat vectors are probably non-technical in nature.

-Bill
--
William Yang
wyang@gcfn.net

Re: Securing Laptop with Gentoo
I do not believe the "Windows IT pro" will use one of these techniques as his
goal is to prove that Windows is more secure than Linux. Rooting the box with
such techniques would do no good as it proves absolutely nothing, except maybe
the fact that some Windows administrators are lamers. ;)

Quoting William Yang <wyang@gcfn.net>:

> Drew Kirkpatrick wrote:
>> In case someone hasn't mentioned it yet, has he ever had access to
>> this laptop before by any chance? He may have already compromised it.
>> You might want to verify that it's clean now. It would make for a real
>> short contest if he already has a rootkit on there :)
>
> Another potential risk is that he's been or is planning on
> shoulder-surfing to pick up appropriate passwords. I know that's been a
> highly successful low-tech attack vector, in keeping with the "chats"
> discussion several posts ago.
>
> The biggest threat vectors are probably non-technical in nature.
>
> -Bill
> --
> William Yang
> wyang@gcfn.net

Re: Securing Laptop with Gentoo
On Thursday 17 February 2005 16:12, Venkat Manakkal wrote:
> Look at http://loop-aes.sf.net/ - you can encrypt your root partition
> (essentially entire fs, swap etc) and even boot the laptop from a cdrom or
> usb stick. Using multi-key encrypted FS with a gpg secured keyfile is as
> safe as a) the possession of the private key failing which b) your
> passphrase.
>

Please remember that there is one other point that must be secured against:
Your kernel. As the kernel is needed to read the encrypted stuff, your kernel
itself must be unencrypted. If a hacker has access to write to your disc he
could change this kernel. So you must use either a read-only device to boot
from, or use a token to boot from. When you don't, you could boot a
compromised kernel which has as an additional feature that it mails your
passphrase to the hacker.

Paul

--
Paul de Vrieze
Gentoo Developer
Mail: pauldv@gentoo.org
Homepage: http://www.devrieze.net
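
Paul's point can be turned into a check, shown here as an added example that is not part of the original post: record SHA-256 hashes of the unencrypted boot files in a manifest kept on the removable token, then compare them from trusted boot media. The `/boot` and `/mnt/token/boot.manifest` paths in the comments are assumptions, and the script relies on `sha256sum` from coreutils.

```shell
#!/bin/sh
# Added example: detect changes to the unencrypted boot files (kernel,
# initrd, bootloader config) by comparing them with a manifest stored on
# the removable token. Run it from trusted boot media, not from the
# installed system: a modified kernel can lie to tools running on top of it.
#
# Hypothetical usage (paths are assumptions):
#   make_manifest /boot > /mnt/token/boot.manifest    # once, on a clean system
#   verify_boot /boot /mnt/token/boot.manifest        # before trusting the disk

# make_manifest BOOT_DIR
# Prints one "hash  ./relative/path" line per regular file, in stable order.
# File names containing newlines are not supported.
make_manifest() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
        sha256sum "$f"
    done )
}

# verify_boot BOOT_DIR MANIFEST
# Returns 0 only if every file matches and no file was added or removed.
verify_boot() {
    boot_dir=$1
    manifest=$2
    current=$(mktemp) || return 2
    make_manifest "$boot_dir" > "$current"
    if cmp -s "$current" "$manifest"; then
        rm -f "$current"
        echo "OK: boot files match manifest"
        return 0
    fi
    echo "MISMATCH: boot files differ from manifest" >&2
    # "<" lines are the expected entries, ">" lines are what is on disk now.
    diff "$manifest" "$current" >&2 || true
    rm -f "$current"
    return 1
}
```

A changed hash, a new file and a missing file all show up as a mismatch, so an added initrd or module is caught as well as a replaced kernel image.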
