Re: Linux, BSD, and Unix are fundamentally insecure.

From: Thomas Schweikle (tps_at_vr-web.de)
Date: 09/11/04


Date: Sat, 11 Sep 2004 18:54:25 +0200

Mike Cox wrote:

> General Protection Fault <generalpf@braids.ertw.com> wrote in message news:<slrnck3bn7.1r6o.generalpf@braids.ertw.com>...
>> ["Followup-To:" header set to comp.os.linux.advocacy.]
>> On 9 Sep 2004 21:00:34 -0700, Mike Cox wrote:
>> > An opensource consultant visited my workplace recently and was
>> > upstaged by my MCSEs. The consultant went over my head and made a
>> > sales call to the owner of the company who decided to see a demo of
>> > the various flavors of *nix. My boss was interested due to the
>> > consultant's claims of a lower total cost of ownership and more
>> > security.
>> >
>> > When this consultant showed up, my MCSEs were ready to show how much
>> > more powerful and bulletproof Windows is compared to Linux/BSD/UNIX.
>> > When the consultant was done with the demo, my MCSE, Scott, went up to
>> > the Linux box, and did the following:
>> >
>> > linux init=/bin/sh
>> > mount -o remount -rw /
>> > mount /proc
>> > passwd
>> > mount -o remount -ro /
>> > umount /proc
>> >
>> > When Scott rebooted the machine, he typed in the new root password and
>> > was in. The consultant's jaw dropped, my boss laughed, and will now
>> > trust my MCSE's judgement in all things related to IT in the company.
>>
>> Any machine is insecure if you have physical access to it.
>>
>> I can remove a hard drive from a "secure" NT machine and mount it in my own
>> box and read everything.
>
> Not really. If that hard drive you mount was using NTFS with the
> encryption option enabled, mounting that hard drive on another system
> won't give you access to that data because the encryption keys are
> different.
>
> Linux's/BSD's/Unix's flaw is that it allows people to boot from the
> boot loader into a shell without requiring the root password. Windows
> 2000 doesn't allow that. You need the Admin password in order to get
> the machine in safe mode or to use the Windows 2000 to do a system
> recovery. I know because I've done it and tested it.

Really? I am sure it doesn't ask for a password if booting into the
"rescue console".

-- 
Thomas
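
Added example, not part of the original post: the boot-prompt step quoted above (`linux init=/bin/sh`) only works when the boot loader accepts kernel parameters without a password, so this sketch audits a LILO config for images lacking `password`, and goes beyond the thread by applying the same check to GRUB 2 (`superusers`, `password_pbkdf2`). The function names and both sample configs are constructed for illustration.

```python
import re

# Constructed sample configs (not from the thread); the password is a placeholder.
LILO_SAMPLE = """\
boot=/dev/hda
prompt
image=/boot/vmlinuz
    label=linux
    read-only
image=/boot/vmlinuz.old
    label=old
    password=EXAMPLE-ONLY
    restricted    # ask only when parameters such as init= are typed
"""

def audit_lilo(text):
    """Return LILO images whose kernel parameters can be changed without a password."""
    global_pw, current, images = False, None, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        key, _, value = (part.strip() for part in line.partition("="))
        if key in ("image", "other"):
            current = value               # a per-image section starts here
            images[current] = global_pw   # inherits a global password, if any
        elif key == "password" and current is None:
            global_pw = True              # set before the first image: covers all
        elif key == "password":
            images[current] = True
    return sorted(name for name, protected in images.items() if not protected)

def audit_grub2(text):
    """Return findings for a GRUB 2 grub.cfg passed as text."""
    m = re.search(r'^\s*set\s+superusers="([^"]*)"', text, re.M)
    users = [u for u in re.split(r"[ ,;|&]+", m.group(1)) if u] if m else []
    if not users:
        return ["no superusers: anyone at the console can edit a menu entry"]
    findings = []
    for user in users:
        name = re.escape(user)
        if re.search(rf"^\s*password_pbkdf2\s+{name}\s", text, re.M):
            continue                      # hashed password present
        if re.search(rf"^\s*password\s+{name}\s", text, re.M):
            findings.append(f"{user}: password stored in clear text")
        else:
            findings.append(f"{user}: superuser has no password entry")
    return findings

if __name__ == "__main__":
    print(audit_lilo(LILO_SAMPLE))
```

A boot loader password closes only the boot-prompt path; it does not address the removed-disk case raised earlier in the thread.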

