[ubuntu-uk] System Security (Was Re: Password recovery)
Matthew Macdonald-Wallace
matthew at truthisfreedom.org.uk
Sun Jul 6 22:14:01 BST 2008
Quoting Jason Liquorish <jason at dropshock.com>:
> If you boot to the recovery console then you have full root access. From
> here you can run "passwd <username>" to change the password of that
> user. I have had this problem before and it was worrying to find out how
> easy it was to do this, although if someone has physical access to your
> computer it's as good as compromised anyway.
Indeed, if you have a live CD (even if it's a really basic one such as
a Debian/Ubuntu installer), there is a huge amount of damage you can
do to a system.
From a relatively modern (last year or so) Linux-based Live CD, you
can do the following:
On a Windows System:
* Mount the hard disks and copy any data onto either a USB key or
the internet
* Use the copied data to take information about the system-setup
(especially if you can get a copy of the registry!) and therefore
information about the network it is attached to
* Leave (hopefully without detection) and use the information you
have recovered without anyone knowing you were there in the first place.
* Format the hard disks (although why you'd want to do this I have
no idea - it's a dead giveaway you've been up to something!!!)
On a Linux System:
* All of the above
* mount and "boot" into the local system via a "chroot" allowing
you to run the system and install software (although unless you're
careful you'll leave logs all over the place)
* Change passwords (including root!!) although quite often this is
also a dead giveaway
How to protect against this? If it's your desktop, don't let people
near it. If it's your server - keep it locked, only attach a keyboard
when you do maintenance and ensure that you know exactly when and why
it is off-line (any unusual outages should be investigated immediately).
Am I paranoid? Yes. Has it paid off in the past? Absolutely.
And yes...I have used some of the above techniques (with permission
from the system owners and not whilst employed by my current
employer!!!) to "recover" systems into our control.
Hope I've not given anyone nightmares,
M.
--
Matthew Macdonald-Wallace
matthew at truthisfreedom.org.uk
http://www.truthisfreedom.org.uk/
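
A defensive check for the password-change case mentioned in the message above, as an added example that is not part of the original post: it compares a known-good copy of /etc/shadow with the current file and reports accounts that were added, removed, or had their password field changed. The shadow lines, the function names and the `approved` parameter are constructed for illustration.

```python
from datetime import date, timedelta

# Constructed sample data (placeholder hashes): a baseline taken while the
# system was known-good, and the file as found after an unexplained outage.
BASELINE = """\
root:$6$saltA$HASHROOT1:14060:0:99999:7:::
alice:$6$saltB$HASHALICE1:14031:0:99999:7:::
daemon:*:13900:0:99999:7:::
"""
CURRENT = """\
root:$6$saltC$HASHROOT2:14066:0:99999:7:::
alice:$6$saltB$HASHALICE1:14031:0:99999:7:::
daemon:*:13900:0:99999:7:::
bob:$6$saltD$HASHBOB1:14066:0:99999:7:::
"""

def parse_shadow(text):
    """Map user -> (password field, last-change date or None)."""
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3:
            continue  # malformed line, skip it
        days = fields[2]  # days since 1970-01-01, written by passwd(1)
        changed = date(1970, 1, 1) + timedelta(days=int(days)) if days.isdigit() else None
        entries[fields[0]] = (fields[1], changed)
    return entries

def audit(baseline_text, current_text, approved=()):
    """Return (user, finding, last-change date) for each unapproved difference."""
    old, new = parse_shadow(baseline_text), parse_shadow(current_text)
    findings = []
    for user in sorted(set(old) | set(new)):
        if user in approved:
            continue  # change was expected (hypothetical allow-list)
        if user not in old:
            findings.append((user, "account added", new[user][1]))
        elif user not in new:
            findings.append((user, "account removed", None))
        elif old[user][0] != new[user][0]:
            # Compare the hash itself; the date field is only advisory.
            findings.append((user, "password changed", new[user][1]))
    return findings

if __name__ == "__main__":
    for user, what, when in audit(BASELINE, CURRENT):
        print(f"{user}: {what} (last change recorded: {when})")
```

Keep the baseline copy off the machine it describes, since anyone with the physical access discussed above can alter files stored on the local disk.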