DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
November 16, 2018 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 216 people online.

 

Latest Reviews
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
 

Follow us
RSS
 

Grub2 bootloader can be hacked by pressing backspace 28 times

Posted on Friday, December 18 2015 @ 23:07:10 CET by


Two security researchers from the Cybersecurity Group at the Polytechnic University of Valencia (UPV) in Spain discovered a vulnerability in Grub2, a popular Linux bootloader, that can be triggered by pressing the backspace button exactly 28 times.

On vulnerable systems, this key combo will open a Grub rescue shell, giving an attacker the power to perform tasks like stealing data or installing malware. One major catch though is that the attacker needs physical access to the vulnerable Linux PC. Furthermore, Grub 2's password protection needs to be activated, and this is a feature that's not widely used, so the impact is quite limited.

The duo released a patch for the vulnerability and Ubuntu, Red Hat and Debian all have released fixes too.
”It is irresponsible for grub to lack decades-old exploit mitigations like stack cookies that could have addressed this issue,” Dan Guido, the founder of security firm Trail of Bits, told Motherboard.

The researchers speculate that such a bug could be used by spies to install malware on a target’s computer to steal his or her files. The spies could install persistent malware on the machine that survives reboots and even new installs.
Via: Vice



 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2018 DM Media Group bvba