[Linux-disciples] Why no password for the root account?
Stephen R Laniel
steve at laniels.org
Sat Apr 30 20:17:08 EDT 2005
On Sat, Apr 30, 2005 at 07:28:25PM -0400, Dylan Thurston wrote:
> The first attack I can think of would be to install a keyboard
> sniffer.
The attacker can only installed the sniffer if he has access
to your unencrypted filesystem, right? If the filesystem's
encrypted, I don't see how he could get the sniffer on.
> The lock or password-protected BIOS isn't going to help you much. All
> locks can be broken given enough time. And the BIOS can be replaced
> if there's no easier way around it.
An external lock would provide at least some deterrence. If
the attacker really wants what's on the disk, he'll break
through it. But a common thief might look to other laptops
before stealing the locked one.
As for the BIOS: you're right. That wouldn't be very useful.
> Don't forget your boot loader.
Hmm ... is there any reason that the bootloader has to be
unencrypted? What if you had to type in a passphrase just to
run the bootloading program?
--
Stephen R. Laniel
steve at laniels.org
+(617) 308-5571
http://laniels.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.bostoncoop.net/pipermail/linux-disciples/attachments/20050430/4ccc7e09/attachment.pgp
More information about the Linux-disciples
mailing list