Root password - is it THAT simple to alter it?
I've nad the need to look at what is available on the 'net about what to do when one forgets what the root password is. Is it really THAT simple on SuSE to alter the password for the root? Anyone can boot my system and go about altering my root password to be then able to steal all my secrets? Cheers. -- The first myth of management is that it exists.
On 8/26/05, Basil Chupin <blchupin@tpg.com.au> wrote:
I've nad the need to look at what is available on the 'net about what to do when one forgets what the root password is.
Is it really THAT simple on SuSE to alter the password for the root? Anyone can boot my system and go about altering my root password to be then able to steal all my secrets?
Cheers.
-- The first myth of management is that it exists.
The first myth of computer security is that physical security can be ignored :) Best, Ben
Basil Chupin wrote:
I've nad the need to look at what is available on the 'net about what to do when one forgets what the root password is.
Is it really THAT simple on SuSE to alter the password for the root? Anyone can boot my system and go about altering my root password to be then able to steal all my secrets?
Yes. The first line of security, is physical security. Even without changing the password, it's easy to boot a rescue disk and access the files. The same applies to Windows etc. Even a password protected computer won't help, as a hard drive can easily be moved to another computer. The only way around this is to use encryption or prevent physical access to your computer.
Yes. The first line of security, is physical security. Even without changing the password, it's easy to boot a rescue disk and access the files. The same applies to Windows etc. Even a password protected computer won't help, as a hard drive can easily be moved to another computer. The only way around this is to use encryption or prevent physical access to your computer. The same applies to commercial Unix systems also as well as to some
On Friday 26 August 2005 10:14 am, James Knott wrote: proprietary systems. -- Jerry Feldman <gaf@blu.org> Boston Linux and Unix user group http://www.blu.org PGP key id:C5061EA9 PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9
James Knott wrote:
Basil Chupin wrote:
I've nad the need to look at what is available on the 'net about what to do when one forgets what the root password is.
Is it really THAT simple on SuSE to alter the password for the root? Anyone can boot my system and go about altering my root password to be then able to steal all my secrets?
Yes. The first line of security, is physical security. Even without changing the password, it's easy to boot a rescue disk and access the files. The same applies to Windows etc. Even a password protected computer won't help, as a hard drive can easily be moved to another computer. The only way around this is to use encryption or prevent physical access to your computer.
Thanks to you and all others who responded. This has been a hole in my "education" about computers which has now been closed tightly. I have all my HDs sitting in cradles so that they all get locked away in a safe place at those times when the house is left unattended. This has been done to this point only with the monetary value, and the nuisance value, of the HDs in mind should they get nicked but now new thinking has to be put into place. I will need to look into the overheads involved in using encrypted file system(s) (encryption my slow processing down but by how much?) or at least putting sensitive data into one encrypted partition or something similar- perhaps keeping it on a CD/DVD and accessing it as needed (but what do you do with the passwords used to access the Internet and websites?). Thanks to all for the wake-up call :-). Cheers. -- Light travels faster than sound. This is why some people appear bright until you hear them speak.
Basil Chupin wrote:
I will need to look into the overheads involved in using encrypted file system(s) (encryption my slow processing down but by how much?) or at least putting sensitive data into one encrypted partition or something similar- perhaps keeping it on a CD/DVD and accessing it as needed (but what do you do with the passwords used to access the Internet and websites?).
Don't forget, some of your data might be retained in /tmp or the swap partition.
James Knott wrote:
Basil Chupin wrote:
I will need to look into the overheads involved in using encrypted file system(s) (encryption my slow processing down but by how much?) or at least putting sensitive data into one encrypted partition or something similar- perhaps keeping it on a CD/DVD and accessing it as needed (but what do you do with the passwords used to access the Internet and websites?).
Don't forget, some of your data might be retained in /tmp or the swap partition.
Further to all preceding comments from various people, I have just had a look at the security for SuSE and found that not only can one encrypt partitions/files but also one can prevent that "simple" access at boot time to alter the password. Am I simply being naive and misreading things but hasn't (at least) SuSE plugged up this security hole by making it possible to put in an encrypted password into GRUB so that one cannot not only boot the system without the password but cannot even gain access to the BOOT: prompt when the bootloader, Grub, menu is displayed where it was possible to type init3 and then reset the root password as described elsewhere? Also, as an additional security measure, any system (if dual booting for example) can be prevented from booting if the correct password is not given and this achieved wiith the LOCK parameter at the end of the statement booting that particular OS? Alright, I guess that the above may possibly take care of security at boot time but should the HDs be stolen then their contents could be examined and the password manually deleted so that the system then could be booted in the normal way. I'm right in thinking this? Cheers. -- Light travels faster than sound. This is why some people appear bright until you hear them speak.
Basil Chupin wrote:
James Knott wrote:
Basil Chupin wrote:
I will need to look into the overheads involved in using encrypted file system(s) (encryption my slow processing down but by how much?) or at least putting sensitive data into one encrypted partition or something similar- perhaps keeping it on a CD/DVD and accessing it as needed (but what do you do with the passwords used to access the Internet and websites?).
Don't forget, some of your data might be retained in /tmp or the swap partition.
Further to all preceding comments from various people, I have just had a look at the security for SuSE and found that not only can one encrypt partitions/files but also one can prevent that "simple" access at boot time to alter the password.
Am I simply being naive and misreading things but hasn't (at least) SuSE plugged up this security hole by making it possible to put in an encrypted password into GRUB so that one cannot not only boot the system without the password but cannot even gain access to the BOOT: prompt when the bootloader, Grub, menu is displayed where it was possible to type init3 and then reset the root password as described elsewhere?
Also, as an additional security measure, any system (if dual booting for example) can be prevented from booting if the correct password is not given and this achieved wiith the LOCK parameter at the end of the statement booting that particular OS?
Alright, I guess that the above may possibly take care of security at boot time but should the HDs be stolen then their contents could be examined and the password manually deleted so that the system then could be booted in the normal way. I'm right in thinking this?
I haven't examined that method, but unless you encrypt the disk you can still read the data, by booting with a rescue disk. So, once again, without physical security, there is no security.
James Knott wrote:
Basil Chupin wrote:
James Knott wrote:
Basil Chupin wrote:
I will need to look into the overheads involved in using encrypted file system(s) (encryption my slow processing down but by how much?) or at least putting sensitive data into one encrypted partition or something similar- perhaps keeping it on a CD/DVD and accessing it as needed (but what do you do with the passwords used to access the Internet and websites?).
Don't forget, some of your data might be retained in /tmp or the swap partition.
Further to all preceding comments from various people, I have just had a look at the security for SuSE and found that not only can one encrypt partitions/files but also one can prevent that "simple" access at boot time to alter the password.
Am I simply being naive and misreading things but hasn't (at least) SuSE plugged up this security hole by making it possible to put in an encrypted password into GRUB so that one cannot not only boot the system without the password but cannot even gain access to the BOOT: prompt when the bootloader, Grub, menu is displayed where it was possible to type init3 and then reset the root password as described elsewhere?
Also, as an additional security measure, any system (if dual booting for example) can be prevented from booting if the correct password is not given and this achieved wiith the LOCK parameter at the end of the statement booting that particular OS?
Alright, I guess that the above may possibly take care of security at boot time but should the HDs be stolen then their contents could be examined and the password manually deleted so that the system then could be booted in the normal way. I'm right in thinking this?
I haven't examined that method, but unless you encrypt the disk you can still read the data, by booting with a rescue disk. So, once again, without physical security, there is no security.
Thanks for that. I'll try and create a rescue floppy to test this out, but it seems to me that the resuce disk will try and boot you into the system which expects the password - maybe, I'm only guessing. Tired to create the 6 boot floppies tonight but 9.3 wouldn't create them although miraculously I managed to create the first one. Something not right here... Cheers. -- Light travels faster than sound. This is why some people appear bright until you hear them speak.
Basil Chupin wrote:
Thanks for that. I'll try and create a rescue floppy to test this out, but it seems to me that the resuce disk will try and boot you into the system which expects the password - maybe, I'm only guessing. Tired to create the 6 boot floppies tonight but 9.3 wouldn't create them although miraculously I managed to create the first one. Something not right here...
A resue disk should be able to boot without regard to any passwords for users of the system. You can download any of several rescue CD images from the internet or even use the 1st SuSE install CD or the DVD, to boot into a rescue system. The SuSE disks will also allow you to boot an existing Linux install.
On Mon, 29 Aug 2005 13:58:15 +1000 Basil Chupin <blchupin@tpg.com.au> wrote:
Further to all preceding comments from various people, I have just had a look at the security for SuSE and found that not only can one encrypt partitions/files but also one can prevent that "simple" access at boot time to alter the password.
Am I simply being naive and misreading things but hasn't (at least) SuSE plugged up this security hole by making it possible to put in an encrypted password into GRUB so that one cannot not only boot the system without the password but cannot even gain access to the BOOT: prompt when the bootloader, Grub, menu is displayed where it was possible to type init3 and then reset the root password as described elsewhere?
Also, as an additional security measure, any system (if dual booting for example) can be prevented from booting if the correct password is not given and this achieved wiith the LOCK parameter at the end of the statement booting that particular OS?
Alright, I guess that the above may possibly take care of security at boot time but should the HDs be stolen then their contents could be examined and the password manually deleted so that the system then could be booted in the normal way. I'm right in thinking this? I agree with the last statement. But, GRUB security can easily be defeated by using bootable media.
-- Jerry Feldman <gaf@blu.org> Boston Linux and Unix user group http://www.blu.org PGP key id:C5061EA9 PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9
On Tuesday 30 August 2005 02:37, Jerry Feldman wrote:
On Mon, 29 Aug 2005 13:58:15 +1000
Basil Chupin <blchupin@tpg.com.au> wrote:
Further to all preceding comments from various people, I have just had a look at the security for SuSE and found that not only can one encrypt partitions/files but also one can prevent that "simple" access at boot time to alter the password.
Am I simply being naive and misreading things but hasn't (at least) SuSE plugged up this security hole by making it possible to put in an encrypted password into GRUB so that one cannot not only boot the system without the password but cannot even gain access to the BOOT: prompt when the bootloader, Grub, menu is displayed where it was possible to type init3 and then reset the root password as described elsewhere?
Also, as an additional security measure, any system (if dual booting for example) can be prevented from booting if the correct password is not given and this achieved wiith the LOCK parameter at the end of the statement booting that particular OS?
Alright, I guess that the above may possibly take care of security at boot time but should the HDs be stolen then their contents could be examined and the password manually deleted so that the system then could be booted in the normal way. I'm right in thinking this?
I agree with the last statement. But, GRUB security can easily be defeated by using bootable media.
True, but so can most security! The problem with using bootable media is gaining physical access to machine, So I guess it depends on the enviroment... -- -- Chadley Wilson Production Line Superintendant Pinnacle Micro Manufacturers of Proline Computers ==================================== Exercise freedom, Use LINUX =====================================
Sunday 28 Aug 2005 18:48 samaye James Knott alekhiit:
Don't forget, some of your data might be retained in /tmp or the swap partition.
Is there, then, a way to empty /tmp and swap everytime I shutdown? -- Shriramana Sharma Sym454 2005-08-23 http://samvit.org Penguin #395953 /
Shriramana Sharma wrote:
Sunday 28 Aug 2005 18:48 samaye James Knott alekhiit:
Don't forget, some of your data might be retained in /tmp or the swap partition.
Is there, then, a way to empty /tmp and swap everytime I shutdown?
You could create a symlink from /tmp to /dev/shm. This means that your /tmp will be on a RAM disk. As for swap, you'd have to write junk to the partition on shut down. Or you could simply have enough RAM, that you don't need a swap.
Sunday 04 Sep 2005 18:20 samaye James Knott alekhiit:
Is there, then, a way to empty /tmp and swap everytime I shutdown?
You could create a symlink from /tmp to /dev/shm. This means that your /tmp will be on a RAM disk.
And also means that my RAM will be hogged for this purpose, yes?
As for swap, you'd have to write junk to the partition on shut down.
How?
Or you could simply have enough RAM, that you don't need a swap.
How do you say about 1.5 GB? (Don't have it now, but planning to get.) -- (o- Penguin #395953 lives at http://samvit.org //\ subsisting on ancient Indian wisdom ... V_/_ and modern computing efficiency! :)
Shriramana, On Sunday 04 September 2005 06:39, Shriramana Sharma wrote:
Sunday 04 Sep 2005 18:20 samaye James Knott alekhiit:
Is there, then, a way to empty /tmp and swap everytime I shutdown?
You could create a symlink from /tmp to /dev/shm. This means that your /tmp will be on a RAM disk.
I would not recommend this. Some programs write sizeable files to /tmp.
And also means that my RAM will be hogged for this purpose, yes?
As for swap, you'd have to write junk to the partition on shut down.
How?
Just copy /dev/null to the swap area.
Or you could simply have enough RAM, that you don't need a swap.
How do you say about 1.5 GB? (Don't have it now, but planning to get.)
Of course, it depends on the use you make of the system, but in all likelihood you can get away with out swap with that much RAM. Youc an also swap to a file instead of to a partition. Then during your shutdown processesing, you can easily overwrite it with random numbers. Although now that I think of it, it's no easier than doing the same with a partition. If you're going to take this approach (overwriting your swap area) be sure to disable it as an active swap area first and be sure that you re-run "mkswap" ("man mkswap") before attempting to reactivate for swapping. Lastly, if you're going to copy from a boundless file such as /dev/null to a plain file, then use the "dd" command at copy exactly as many (kilo- or mega-) bytes as the file alrady holds. Otherwise it will just grow until all the disk space is occupied. Copying to a partition will fail if you try to overwrite its limits. Randall Schulz
On September 4, 2005 10:30 am, Randall R Schulz wrote:
Shriramana,
On Sunday 04 September 2005 06:39, Shriramana Sharma wrote:
Sunday 04 Sep 2005 18:20 samaye James Knott alekhiit:
Is there, then, a way to empty /tmp and swap everytime I shutdown?
You could create a symlink from /tmp to /dev/shm. This means that your /tmp will be on a RAM disk.
I would not recommend this. Some programs write sizeable files to /tmp.
And also means that my RAM will be hogged for this purpose, yes?
As for swap, you'd have to write junk to the partition on shut down.
How?
Just copy /dev/null to the swap area.
Who are you defending your data from? Data recovery experts are able to undo several writes to a disk, which is why wipe disk programs do several passes, and agencies that are concerned about loss of data grind up the disk afterwards rather than take the chance that someone may have improved the technique to read wiped data. There have also been rumors that they can read data from old ram, and the EM leaking from your screen can be read from across the street.
Mike, On Sunday 04 September 2005 09:56, Mike wrote:
On September 4, 2005 10:30 am, Randall R Schulz wrote: ...
As for swap, you'd have to write junk to the partition on shut down.
How?
Just copy /dev/null to the swap area.
Who are you defending your data from?
Defending? I'm under no delusions that any data I have would attract such attention. The only thing I have of value is a credit card (number), and that's more easily, reliably, safely and efficiently accessed in a variety of other ways that don't involve breaking into my home and stealing the hard drives from my computer.
Data recovery experts are able to undo several writes to a disk, which is why wipe disk programs do several passes, and agencies that are concerned about loss of data grind up the disk afterwards rather than take the chance that someone may have improved the technique to read wiped data.
Even assuming this claim is valid, why on earth would anybody go to these lengths? And does anyone ever stop to apply logic to this claim? Do you think this retained data is neatly layered so you can distinguish the remnants from each of those previous write cycles? But by all means lets get paranoid here. We're all in possession of information that is of such immense value that not only do we need iron-clad vaults capabable of deflecting armed terrorists and nuclear attackes, encryption that will defend against quantum computers and above all, the ability to protect us from science fiction scenarios such as those seen on TV shows like CSI. Get real. Wipe the swap space once and forget about it.
There have also been rumors that they can read data from old ram, and the EM leaking from your screen can be read from across the street.
I've got some rumors for you. Sheesh. Randall Schulz
On Sunday 04 Sep 2005 18:11, Randall R Schulz wrote:
Mike,
On Sunday 04 September 2005 09:56, Mike wrote: <SNIP>
Data recovery experts are able to undo several writes to a disk, which is why wipe disk programs do several passes, and agencies that are concerned about loss of data grind up the disk afterwards rather than take the chance that someone may have improved the technique to read wiped data.
Even assuming this claim is valid, why on earth would anybody go to these lengths?
OK, one of my close friends is head of IT auditing for a major City law firm. Recently, a dispute arose between two of their clients over a clause in a contract. Basically, one party claimed a rewording had not been authorised. Several hard drives and backup sets were analysed by a third party data recovery outfit who recovered a complete edit trail of the relevant documents. Some parts had to be extracted from over-written temporaray files because intermediate copies of the documents had been deleted and didn't occur in the nightly backups. This being a law firm dealing in contracts amounting to many millions of pounds each, they keep copious backups. The fact the intermediate documents were deleted may or may not be a matter of criminal investigation. The edit trail of the documents in this case are currently being considered by other lawyers to assess whether they can be upheld in court. So, to answer your question - the claim IS valid, and when millions of pounds or criminal action can rest on the validity of a document it becomes worth going to those lengths.
And does anyone ever stop to apply logic to this claim? Do you think this retained data is neatly layered so you can distinguish the remnants from each of those previous write cycles?
Manifestly, it is possible. The same heuristics which are applied in the analysis of document authenticity for historical attribution and plagiarism resolution can be applied to overlapping data sets in order to separate them diachronically.
There have also been rumors that they can read data from old ram,
I'd be very sceptical about that.
and the EM leaking from your screen can be read from across the street.
But this is true, I've seen it done first hand - how do you think TV detector vans work to find licence avoiders (in the UK.) Dylan -- "The man who strikes first admits that his ideas have given out." (Chinese Proverb)
On Sun, Sep 04, 2005 at 06:37:58PM +0100, Dylan wrote:
On Sunday 04 Sep 2005 18:11, Randall R Schulz wrote:
Mike,
On Sunday 04 September 2005 09:56, Mike wrote: <SNIP>
Data recovery experts are able to undo several writes to a disk, which is why wipe disk programs do several passes, and agencies that are concerned about loss of data grind up the disk afterwards rather than take the chance that someone may have improved the technique to read wiped data.
Ummm, yea, and the good people over at... Can't say, but they can read off a HD that has been on fire, and even after 49 overwrites.
Even assuming this claim is valid, why on earth would anybody go to these lengths?
Lol, you've never seen people in high tech espionage?
OK, one of my close friends is head of IT auditing for a major City law firm. Recently, a dispute arose between two of their clients over a clause in a contract. Basically, one party claimed a rewording had not been authorised. Several hard drives and backup sets were analysed by a third party data recovery outfit who recovered a complete edit trail of the relevant documents. Some parts had to be extracted from over-written temporaray files because intermediate copies of the documents had been deleted and didn't occur in the nightly backups. This being a law firm dealing in contracts amounting to many millions of pounds each, they keep copious backups. The fact the intermediate documents were deleted may or may not be a matter of criminal investigation. The edit trail of the documents in this case are currently being considered by other lawyers to assess whether they can be upheld in court. So, to answer your question - the claim IS valid, and when millions of pounds or criminal action can rest on the validity of a document it becomes worth going to those lengths.
Why not just take all that and say instead: Deleted isn't.
And does anyone ever stop to apply logic to this claim? Do you think this retained data is neatly layered so you can distinguish the remnants from each of those previous write cycles?
Manifestly, it is possible. The same heuristics which are applied in the analysis of document authenticity for historical attribution and plagiarism resolution can be applied to overlapping data sets in order to separate them diachronically.
There have also been rumors that they can read data from old ram,
I'd be very sceptical about that.
I wouldn't, seen inside the FBI ;)
and the EM leaking from your screen can be read from across the street.
Lol when I was young I used to use a TV on a certain channel and cordless phone to tap into calls. This isnothing new.
But this is true, I've seen it done first hand - how do you think TV detector vans work to find licence avoiders (in the UK.)
Dylan
-- "The man who strikes first admits that his ideas have given out." (Chinese Proverb) ^ That is awesome!
-Gore / Allen
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
On Sun, 2005-09-04 at 13:54 -0400, Allen wrote:
Ummm, yea, and the good people over at... Can't say, but they can read off a HD that has been on fire, and even after 49 overwrites.
Even assuming this claim is valid, why on earth would anybody go to these lengths?
ever looked at: man shred ?
On Sunday 04 Sep 2005 18:54, Allen wrote: <SNP>
Why not just take all that and say instead:
Deleted isn't.
Well, in practical terms that's the case. There is a distinction between the reality or otherwise of deletion on the media and the *intent* to erase one's tracks. I may consider a file deleted while knowing it is still stored in physical terms. If someone trying to cover his tracks (or save his butt) is incognisant of the underlying reality that is a different matter. Dylan -- "The man who strikes first admits that his ideas have given out." (Chinese Proverb)
On Sunday 04 September 2005 10:37, Dylan wrote:
On Sunday 04 Sep 2005 18:11, Randall R Schulz wrote: ...
Even assuming this claim is valid, why on earth would anybody go to these lengths?
OK, one of my close friends is head of IT auditing for a major City law firm. Recently, a dispute arose between two of their clients over a clause in a contract. Basically, one party claimed a rewording had not been authorised. Several hard drives and backup sets were analysed by a third party data recovery outfit who recovered a complete edit trail of the relevant documents. Some parts had to be extracted from over-written temporaray files because intermediate copies of the documents had been deleted and didn't occur in the nightly backups. This being a law firm dealing in contracts amounting to many millions of pounds each, they keep copious backups. The fact the intermediate documents were deleted may or may not be a matter of criminal investigation. The edit trail of the documents in this case are currently being considered by other lawyers to assess whether they can be upheld in court. So, to answer your question - the claim IS valid, and when millions of pounds or criminal action can rest on the validity of a document it becomes worth going to those lengths.
So you're advocating people destroy record to evade legal liability for their actions?
...
Randall Schulz
On Sunday 04 Sep 2005 19:04, Randall R Schulz wrote: <SNIP>
So you're advocating people destroy record to evade legal liability for their actions?
No, I'm suggesting the cost and complexity of data recovery can be well worth the trouble. Dylan
...
Randall Schulz
-- "The man who strikes first admits that his ideas have given out." (Chinese Proverb)
In certain commercial sectors you are actually required/suggested to physically destroy a hard disc after overwriting it many times you are not allowed to chance that other parties can obtain personal/sensitive information of a hard disc. Sectors that require you to definitely do this include the Defence sector, but any sector where you have people's personal information e.g. financial , you are required to dispose of their data carefully. Therefore destroying it under this context is not illegal if in the correct timeframe/situation.
-----Original Message----- From: Dylan [mailto:dylan@dylan.me.uk] Sent: 04 September 2005 19:09 To: suse-linux-e@suse.com Subject: Re: [SLE] Root password - is it THAT simple to alter it?
On Sunday 04 Sep 2005 19:04, Randall R Schulz wrote: <SNIP>
So you're advocating people destroy record to evade legal liability for their actions?
No, I'm suggesting the cost and complexity of data recovery can be well worth the trouble.
Dylan
...
Randall Schulz
-- "The man who strikes first admits that his ideas have given out." (Chinese Proverb)
-- I am using the free version of SPAMfighter for private users. It has removed 197 spam emails to date. Paying users do not have this message in their emails. Try www.SPAMfighter.com for free now!
olusola Fadero wrote:
In certain commercial sectors you are actually required/suggested to physically destroy a hard disc after overwriting it many times you are not allowed to chance that other parties can obtain personal/sensitive information of a hard disc. Sectors that require you to definitely do this include the Defence sector, but any sector where you have people's personal information e.g. financial , you are required to dispose of their data carefully. Therefore destroying it under this context is not illegal if in the correct timeframe/situation.
Wouldn't it be "fun" required you to destroy the data, but another prohibited it. It wouldn't be the first time such contrary laws have appeared.
On Sunday 04 September 2005 14:04, Randall R Schulz wrote:
So you're advocating people destroy record to evade legal liability for their actions?
No, although that may be one purpose, the main purpose is to realize that any sensitive or confidential data, even though "deleted," can still be recovered, so be careful about how you discard your old hard drives. Bryan ******************************************************** Powered by SuSE Linux 9.2 Professional KDE 3.3.0 KMail 1.7.1 This is a Microsoft-free computer Bryan S. Tyson bryantyson@earthlink.net ********************************************************
Dylan wrote:
and the EM leaking from your screen can be read from across the street.
But this is true, I've seen it done first hand - how do you think TV detector vans work to find licence avoiders (in the UK.)
That's a bit different. TV sets give off signals, as part of normal operation, that can be detected. They don't reveal much about the content of what's being watched.
On Sun, Sep 04, 2005 at 10:11:42AM -0700, Randall R Schulz wrote:
Mike,
On Sunday 04 September 2005 09:56, Mike wrote:
On September 4, 2005 10:30 am, Randall R Schulz wrote: ...
As for swap, you'd have to write junk to the partition on shut down.
How?
Just copy /dev/null to the swap area.
Who are you defending your data from?
ID theft ;)
Defending? I'm under no delusions that any data I have would attract such attention. The only thing I have of value is a credit card (number), and that's more easily, reliably, safely and efficiently accessed in a variety of other ways that don't involve breaking into my home and stealing the hard drives from my computer.
Data recovery experts are able to undo several writes to a disk, which is why wipe disk programs do several passes, and agencies that are concerned about loss of data grind up the disk afterwards rather than take the chance that someone may have improved the technique to read wiped data.
Even assuming this claim is valid, why on earth would anybody go to these lengths?
Probably should have put this in the last email, but people pay a lot of money to get back data if they haven't made back ups. The same tech can grab personal information you may or may not want getting out.
And does anyone ever stop to apply logic to this claim? Do you think this retained data is neatly layered so you can distinguish the remnants from each of those previous write cycles?
But by all means lets get paranoid here. We're all in possession of information that is of such immense value that not only do we need iron-clad vaults capabable of deflecting armed terrorists and nuclear attackes, encryption that will defend against quantum computers and
No Encryption can' defend against that. Encryption is the idea that it's hard to computer large numbers in a short period of time. When all chances are put on the table at the same time, this is destroyed.
above all, the ability to protect us from science fiction scenarios such as those seen on TV shows like CSI.
Get real. Wipe the swap space once and forget about it.
Maybe if all you have is pron and MP3s, but when you hodl things on your computers that couldget you or someone else in trouble, you learn more.
There have also been rumors that they can read data from old ram, and the EM leaking from your screen can be read from across the street.
I've got some rumors for you.
Sheesh.
0-days exist.
Randall Schulz
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
Allen, On Sunday 04 September 2005 10:58, Allen wrote:
...
0-days exist.
For crying out loud, we're talking about treating the swap space upon shutdown. A computer that's not running cannot be the target of any exploit other than physical theft of the hardware. It's good to see that you folks have no real concerns in life and that you must resort to protecting the leftover dregs of your sytem's operation. Get a life, already. Randall Schulz
On Monday 05 September 2005 01:21, Randall R Schulz wrote:
It's good to see that you folks have no real concerns in life and that you must resort to protecting the leftover dregs of your sytem's operation.
If you're dealing with credit card data, it is a concern to make sure they can't be retrieved. Usually, sensitive things are programmatically prevented from being swapped out, such as (well designed) password entry dialogs. But when you deal with large databases, this is usually overlooked, so if you get your hands on a hard drive where such a database system had a swap partition, it is entirely possible that there could be CC data. This could be an expensive mistake I don't know how web browsers handle encrypted sites. I would hope they are stopped from being swapped out, but pessimism makes me doubt it. So if you buy things online, it could be a concern even for your home machine. Although there it would only be one or a couple of CC numbers, so the payoff for a criminal wouldn't be as great as for a payment processing database, so the realistic threat there is probably still only viruses and hackers
On Sunday 04 September 2005 19:58, Allen wrote:
But by all means lets get paranoid here. We're all in possession of information that is of such immense value that not only do we need iron-clad vaults capabable of deflecting armed terrorists and nuclear attackes, encryption that will defend against quantum computers and
No Encryption can' defend against that. Encryption is the idea that it's hard to computer large numbers in a short period of time. When all chances are put on the table at the same time, this is destroyed.
First of all, that's just one class of encryption algorithms. Secondly, what on earth does the above sentence mean, if anything
0-days exist.
huh?
Randall R Schulz wrote:
But by all means lets get paranoid here. We're all in possession of information that is of such immense value that not only do we need iron-clad vaults capabable of deflecting armed terrorists and nuclear attackes, encryption that will defend against quantum computers and above all, the ability to protect us from science fiction scenarios such as those seen on TV shows like CSI.
Get real. Wipe the swap space once and forget about it.
Let's see if you're singing the same tune, when the IRS finds out you "forgot" to claim that 25 cents you found on the sidewalk last week. ;-)
Mike wrote:
On September 4, 2005 10:30 am, Randall R Schulz wrote:
Shriramana,
On Sunday 04 September 2005 06:39, Shriramana Sharma wrote:
Sunday 04 Sep 2005 18:20 samaye James Knott alekhiit:
Is there, then, a way to empty /tmp and swap everytime I shutdown?
You could create a symlink from /tmp to /dev/shm. This means that your /tmp will be on a RAM disk.
I would not recommend this. Some programs write sizeable files to /tmp.
And also means that my RAM will be hogged for this purpose, yes?
As for swap, you'd have to write junk to the partition on shut down.
How?
Just copy /dev/null to the swap area.
Who are you defending your data from?
Data recovery experts are able to undo several writes to a disk, which is why wipe disk programs do several passes, and agencies that are concerned about loss of data grind up the disk afterwards rather than take the chance that someone may have improved the technique to read wiped data.
There have also been rumors that they can read data from old ram, and the EM leaking from your screen can be read from across the street.
Sorry, that should be "from 200 metres away" by someone sitting in a van and not just "across the street". Cheers. -- Light travels faster than sound. This is why some people appear bright until you hear them speak.
Randall R Schulz wrote:
Shriramana,
On Sunday 04 September 2005 06:39, Shriramana Sharma wrote:
Sunday 04 Sep 2005 18:20 samaye James Knott alekhiit:
Is there, then, a way to empty /tmp and swap everytime I shutdown? You could create a symlink from /tmp to /dev/shm. This means that your /tmp will be on a RAM disk.
I would not recommend this. Some programs write sizeable files to /tmp.
This is where things get interesting. You have a RAM disk, that's holding so much data that it has to write to swap. ;-)
Shriramana Sharma wrote:
Sunday 04 Sep 2005 18:20 samaye James Knott alekhiit:
Is there, then, a way to empty /tmp and swap everytime I shutdown? You could create a symlink from /tmp to /dev/shm. This means that your /tmp will be on a RAM disk.
And also means that my RAM will be hogged for this purpose, yes?
Yes, using a RAM disk, will require some RAM.
As for swap, you'd have to write junk to the partition on shut down.
How?
I'd imagine the dd command could be used to fill the partition.
Or you could simply have enough RAM, that you don't need a swap.
How do you say about 1.5 GB? (Don't have it now, but planning to get.)
How much you need, depends on what you're doing. If you're frequently hitting swap, you could use more memory.
On Sun, 28 Aug 2005 19:04:53 +1000 Basil Chupin <blchupin@tpg.com.au> wrote:
I will need to look into the overheads involved in using encrypted file system(s) (encryption my slow processing down but by how much?) or at least putting sensitive data into one encrypted partition or something similar- perhaps keeping it on a CD/DVD and accessing it as needed (but what do you do with the passwords used to access the Internet and websites?). FWIW: I tend to prefer encrypting only sensitive files rather than an entire file system. This depends on the amount of data you want to encrypt. -- Jerry Feldman <gaf@blu.org> Boston Linux and Unix user group http://www.blu.org PGP key id:C5061EA9 PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9
Jerry Feldman wrote:
On Sun, 28 Aug 2005 19:04:53 +1000 Basil Chupin <blchupin@tpg.com.au> wrote:
I will need to look into the overheads involved in using encrypted file system(s) (encryption my slow processing down but by how much?) or at least putting sensitive data into one encrypted partition or something similar- perhaps keeping it on a CD/DVD and accessing it as needed (but what do you do with the passwords used to access the Internet and websites?).
FWIW: I tend to prefer encrypting only sensitive files rather than an entire file system. This depends on the amount of data you want to encrypt.
Yes, that makes sense. One most confusing thing I found when reading the Admin Manual - Encrypting Partitions and Files - is the somewhat ambigious use of the terms "partition" "file system" and "files" in this sentence quoted from the Manual,"As well as using a partition, it is possible to create enctypted files systems within single files for holding confidential data." Nice to get a translation of that. Cheers. -- Light travels faster than sound. This is why some people appear bright until you hear them speak.
Basil Chupin wrote:
One most confusing thing I found when reading the Admin Manual - Encrypting Partitions and Files - is the somewhat ambigious use of the terms "partition" "file system" and "files" in this sentence quoted from the Manual,"As well as using a partition, it is possible to create enctypted files systems within single files for holding confidential data." Nice to get a translation of that.
File system = the entire Linux file structure, from "/" down. Partition = an area of the disk What that statement means, is that you can create a file, that can be mounted as though it was a partition. It can be formatted as desired, including with encryption.
Basil Chupin wrote:
One most confusing thing I found when reading the Admin Manual - Encrypting Partitions and Files - is the somewhat ambigious use of the terms "partition" "file system" and "files" in this sentence quoted from the Manual,"As well as using a partition, it is possible to create enctypted files systems within single files for holding confidential data." Nice to get a translation of that.
File system = the entire Linux file structure, from "/" down. Partition = an area of the disk I don't agree 100% with your definition. A Partition is, as you say, an area of the disk. This is more of a physical definition. A File System is more confusing because the terminology can refer to a type of a file system, such as ext3 or reiserfs or to the logical information
On Tuesday 30 August 2005 9:39 am, James Knott wrote: that you place on a partition or floppy. In Unix/Linux terminology, you mount a file system. For instance, there is the root ('/') file system. If you have created 4 partitions: 1. /dev/hda1 - allocated as '/' (root) 2. /dev/hda2 - allocated as /home 3. /dev/hda3 - allocated as /usr/local 4. /dev/hda4 - allocated as swap Then you have the root file system, the /home file system and the /usr/local file system. -- Jerry Feldman <gaf@blu.org> Boston Linux and Unix user group http://www.blu.org PGP key id:C5061EA9 PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9
On 8/28/05, Basil Chupin <blchupin@tpg.com.au> wrote:
James Knott wrote:
Basil Chupin wrote:
I've nad the need to look at what is available on the 'net about what to do when one forgets what the root password is.
Is it really THAT simple on SuSE to alter the password for the root? Anyone can boot my system and go about altering my root password to be then able to steal all my secrets?
Yes. The first line of security, is physical security. Even without changing the password, it's easy to boot a rescue disk and access the files. The same applies to Windows etc. Even a password protected computer won't help, as a hard drive can easily be moved to another computer. The only way around this is to use encryption or prevent physical access to your computer.
Thanks to you and all others who responded.
This has been a hole in my "education" about computers which has now been closed tightly. I have all my HDs sitting in cradles so that they all get locked away in a safe place at those times when the house is left unattended. This has been done to this point only with the monetary value, and the nuisance value, of the HDs in mind should they get nicked but now new thinking has to be put into place.
I will need to look into the overheads involved in using encrypted file system(s) (encryption my slow processing down but by how much?) or at least putting sensitive data into one encrypted partition or something similar- perhaps keeping it on a CD/DVD and accessing it as needed (but what do you do with the passwords used to access the Internet and websites?).
Thanks to all for the wake-up call :-).
Cheers.
Encryption uses a lot of CPU overhead. If you care about performance, consider a hardware encryption device. They range from $50 - $150 IIRC. See http://www.cooldrives.com/usdriv.html The idea with the couple I have tried is that the "key" is used at power-on. Once you powered up, you pull the key and put it in your safe. Pull it back out every time you need to cycle power. Obviously this works better for Linux than M$ ;) You also need to keep all of you backups, etc. in a safe place. Greg -- Greg Freemyer The Norcross Group Forensics for the 21st Century
Greg Freemyer wrote:
On 8/28/05, Basil Chupin <blchupin@tpg.com.au> wrote:
James Knott wrote:
Basil Chupin wrote:
I've nad the need to look at what is available on the 'net about what to do when one forgets what the root password is.
Is it really THAT simple on SuSE to alter the password for the root? Anyone can boot my system and go about altering my root password to be then able to steal all my secrets?
Yes. The first line of security, is physical security. Even without changing the password, it's easy to boot a rescue disk and access the files. The same applies to Windows etc. Even a password protected computer won't help, as a hard drive can easily be moved to another computer. The only way around this is to use encryption or prevent physical access to your computer.
Thanks to you and all others who responded.
This has been a hole in my "education" about computers which has now been closed tightly. I have all my HDs sitting in cradles so that they all get locked away in a safe place at those times when the house is left unattended. This has been done to this point only with the monetary value, and the nuisance value, of the HDs in mind should they get nicked but now new thinking has to be put into place.
I will need to look into the overheads involved in using encrypted file system(s) (encryption my slow processing down but by how much?) or at least putting sensitive data into one encrypted partition or something similar- perhaps keeping it on a CD/DVD and accessing it as needed (but what do you do with the passwords used to access the Internet and websites?).
Thanks to all for the wake-up call :-).
Cheers.
Encryption uses a lot of CPU overhead. If you care about performance, consider a hardware encryption device. They range from $50 - $150 IIRC.
I suspected that it would. The hardware encyption looks like the preferred option. Thanks for the information.
See http://www.cooldrives.com/usdriv.html
The idea with the couple I have tried is that the "key" is used at power-on. Once you powered up, you pull the key and put it in your safe. Pull it back out every time you need to cycle power.
Obviously this works better for Linux than M$ ;)
You also need to keep all of you backups, etc. in a safe place.
Greg
Cheers. -- Light travels faster than sound. This is why some people appear bright until you hear them speak.
On Friday 26 August 2005 8:54 am, Basil Chupin wrote:
I've nad the need to look at what is available on the 'net about what to do when one forgets what the root password is.
Is it really THAT simple on SuSE to alter the password for the root? Anyone can boot my system and go about altering my root password to be then able to steal all my secrets?
Cheers.
-- The first myth of management is that it exists. ^ security ^
Simple answer: YES! As both WABonnet and Ben point out. Disabling BIOS boot to floppy, CD, USB or anything but hard drive and putting password(s) on BIOS and locking it up in a hardened bunker will help... Stan
On 8/26/05, Stan Glasoe <srglasoe@comcast.net> wrote:
On Friday 26 August 2005 8:54 am, Basil Chupin wrote:
I've nad the need to look at what is available on the 'net about what to do when one forgets what the root password is.
Is it really THAT simple on SuSE to alter the password for the root? Anyone can boot my system and go about altering my root password to be then able to steal all my secrets?
Cheers.
-- The first myth of management is that it exists. ^ security ^
Simple answer: YES! As both WABonnet and Ben point out.
Disabling BIOS boot to floppy, CD, USB or anything but hard drive and putting password(s) on BIOS and locking it up in a hardened bunker will help...
Stan
As others pointed out - its that easy. Your "secrets" should be stored on an encrypted partition/filesystem. Still if someone has a physical access to your harddrive, and your "secrets" does cost something, someone may try brute-force decryption. -- Svetoslav Milenov (Sunny)
On Fri, Aug 26, 2005 at 09:23:18AM -0500, Stan Glasoe wrote:
On Friday 26 August 2005 8:54 am, Basil Chupin wrote:
I've nad the need to look at what is available on the 'net about what to do when one forgets what the root password is.
Is it really THAT simple on SuSE to alter the password for the root? Anyone can boot my system and go about altering my root password to be then able to steal all my secrets?
Cheers.
-- The first myth of management is that it exists. ^ security ^
Simple answer: YES! As both WABonnet and Ben point out.
Disabling BIOS boot to floppy, CD, USB or anything but hard drive and putting password(s) on BIOS and locking it up in a hardened bunker will help...
Because it's SO hard to power cycle the machine and go into BIOS and re enable all that crap you said to do. And BIOS passwprds... Pffft, there is a part you can pull out for a few seconds and pop back in and that password goes by bye. And a hardened bunker? Come on now
Stan
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
On Fri, 2005-08-26 at 23:54 +1000, Basil Chupin wrote:
I've nad the need to look at what is available on the 'net about what to do when one forgets what the root password is.
Is it really THAT simple on SuSE to alter the password for the root? Anyone can boot my system and go about altering my root password to be then able to steal all my secrets?
Would that be something along the lines of boot a bootable cd, get a root console, mount the / of the computer in question read write, and then edit out the root password in /etc/passwd. Shut the system down,, reboot in init 3 log in as root and then reset it's password? I've had to do this a couple of times when other folks have forgotten the root password. The physical security of a system is also important. You can of course remove the option to boot from cd, in the BIOS and then password protect the BIOS. However, IIRC there are mother-boards that have a "short" pin that resets the mother board to original factory, which probably removes the password protection.
On Fri, Aug 26, 2005 at 01:23:43PM -0400, Mike McMullin wrote:
On Fri, 2005-08-26 at 23:54 +1000, Basil Chupin wrote:
I've nad the need to look at what is available on the 'net about what to do when one forgets what the root password is.
Is it really THAT simple on SuSE to alter the password for the root? Anyone can boot my system and go about altering my root password to be then able to steal all my secrets?
Would that be something along the lines of boot a bootable cd, get a root console, mount the / of the computer in question read write, and then edit out the root password in /etc/passwd. Shut the system down,, reboot in init 3 log in as root and then reset it's password?
You allow that to work? On my boxes if you do that, it doesn't work and you can no longer log in.
I've had to do this a couple of times when other folks have forgotten the root password. The physical security of a system is also important. You can of course remove the option to boot from cd, in the BIOS and then password protect the BIOS. However, IIRC there are mother-boards that have a "short" pin that resets the mother board to original factory, which probably removes the password protection.
Yes it does. No machine is secure, no computer can't be hacked, and if you tink you can make one that is it's because it doesn't have a power cord.
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
On Fri, 2005-08-26 at 20:42 -0400, Allen wrote:
On Fri, Aug 26, 2005 at 01:23:43PM -0400, Mike McMullin wrote:
On Fri, 2005-08-26 at 23:54 +1000, Basil Chupin wrote:
I've nad the need to look at what is available on the 'net about what to do when one forgets what the root password is.
Is it really THAT simple on SuSE to alter the password for the root? Anyone can boot my system and go about altering my root password to be then able to steal all my secrets?
Would that be something along the lines of boot a bootable cd, get a root console, mount the / of the computer in question read write, and then edit out the root password in /etc/passwd. Shut the system down,, reboot in init 3 log in as root and then reset it's password?
You allow that to work? On my boxes if you do that, it doesn't work and you can no longer log in.
I may have missed a thing or two in the description, but that is basically how I've done it in the past.
I've had to do this a couple of times when other folks have forgotten the root password. The physical security of a system is also important. You can of course remove the option to boot from cd, in the BIOS and then password protect the BIOS. However, IIRC there are mother-boards that have a "short" pin that resets the mother board to original factory, which probably removes the password protection.
Yes it does.
I wish I knew where that pin was in DELL systems. I'm sure that I'm going to want that knowledge sooner or later.
No machine is secure, no computer can't be hacked, and if you tink you can make one that is it's because it doesn't have a power cord.
Location, location, location. It's not just for businesses any more.
Mike McMullin wrote:
I wish I knew where that pin was in DELL systems. I'm sure that I'm going to want that knowledge sooner or later.
if yous have not the manual go on the dell web site, all is there - I had to find this for a very old dell box last years, and dell gives all what you need (mobo pictures...) jdd -- pour m'écrire, aller sur: http://www.dodin.net http://valerie.dodin.net http://arvamip.free.fr
participants (19)
-
Allen -
Anders Johansson -
Basil Chupin -
Ben Higginbottom -
Bryan Tyson -
Chadley Wilson -
Dylan -
Greg Freemyer -
Hans Witvliet -
James Knott -
jdd sur free -
Jerry Feldman -
Mike -
Mike McMullin -
olusola Fadero -
Randall R Schulz -
Shriramana Sharma -
Stan Glasoe -
Sunny