70 SECONDS 70 SECONDS 70 SECONDS 70 SECONDS 70 SECONDS 70 SECONDS 70 SECONDS 70 SECONDS 70 SECONDS 70 SECONDS

>get a shell
>disk is still encrypted
Enjoy playing around in an initramfs, faggot.

YEAR OF THE LINUX DESKTOP NEVER

How does that work? Why does the amount of keystrokes (or seconds of holding the key) affect the end result? Is it some memory management problem?

Sorry for the dumb question.

"All in all, an attacker wanting to skirt all the repeated password prompts and just access the shell, needs to hold down the Enter key for approximately 70 seconds or more."

>backspace a couple of months ago
>now enter

What's next? Shift?

...

>physical access "security flaw"
>still doesn't have access to the disk contents
Fuck off. You know what else would do the same thing? Inserting and booting from a live CD. This is not a security issue.

It is possible to access all the disks. Although the system partition is encrypted, it can be copied to an external device, where it can later be brute forced. Obviously, it is possible to access non-encrypted information in other devices.

And how was any of that not possible before this for an attacker with physical access?

It has always been the case that an attacker with physical access also has immediate access to all unencrypted information on your system.

You don't remotely understand the (lack of) implications of what you're talking about, and are just using this to shitpost.

>escape key
>new macbook immune by design

so it basically thinks there is an input hardware error and drops to shell?
I thought it would be slightly more of a thing than nothing.

...

Malicious software can be installed in /boot you fucking idiots. This can also be accessed remotely on servers hosting linux images under certain circumstances.

Sup Forums Literally full of idiots.

WTF
really, wtf, how does that even compute?
>Seleção
scum

Oh lawd I'm just laughing right now

Imagine one of those high intensity hacking movies, and the hacker is just holding the enter button while everyone is freaking out, trying to get him to hurry up.

I tried this on my arch Linux machine and it didn't work OP

> C was a good idea

you just have to remove the keyboard from any linux machines :o)

We should raise funds for a low budget hacking movie and make it as realistic as possible. It would all be shit like this and the 28 backspace thing and social engineering, and then the dude would end up selling stolen SSNs for $1.50 each. It would be a comedy and we could screen it in one of those shitty film festivals.

it's a shell script

It doesn't decrypt the data or anything. I wouldn't call this an exploit, just a small bug. If someone has physical access nothing will stop the attacker from gaining access to the encrypted data. Good luck decrypting it.

Are my LUKS flash drives data okay? Could care less about bruteforcing, the entropy used makes it impossible to bruteforce. As long as the data is okay, we're good.

Either way, I'm making the switch to OpenBSD. Just have to read the docs (TM)

I've been doing so, and it's far more well documented than the GNU/Linux distros that I've used. Also free of systemd, that I like a lot.

Who would've guessed?

Linux doesn't have malicious software, you turd burgling windows shill.

With a sufficient key length, being able to brute force an encrypted disk becomes irrelevant. Why should we care if someone can retry passwords?

>Dirty CoW
>all those bash security bugs
>"hold enter for 70 seconds to bypass disk encryption"

>LINUX IS SECURE LINUX IS SECURE!!
Jesus Christ.

>"Wait. That looked too easy! That isn't very secure!" If an attacker has physical access to your system, they win, regardless of the OS on the computer.

OpenBSD is pretty slower than GNU+Linux

"bypass disk encryption"
the same could be done by removing and mounting the hard drive. If you cared about OPSEC your /boot would be on a flash drive locked inside of a box.

>DirtyCow
Did you know you can root a box using cron? Still can if people don't configure their shit correctly.

DirtyCow is very neat though. It only works if you have access to the machine (maybe if you had 'sploited the www user, you might be able to get something nifty done). It's not something that can be run over the internet, and most desktop PCs will never be affected by it.

Oh and the BSDs aren't affected - LibreSSL doesn't get hit by OpenSSL bugs either.

Doesn't work.

I think you missed a newline there.

The fact that cryptsetup -- a utility available (if not included by default) in most major distributions -- is affected by such a simple and serious bug makes Ubuntu, Solus, Arch Linux, Debian, Fedora, RHEL, and a fair amount of other distros look silly.

Having physical access makes exploitation very easy, but I employ a lot of security measures to prevent being exploited. My machine has a BIOS password set. My RAM chips are glued into their sockets. My PC uses an SSD so I don't have to fuck about with srm which I used for quite some time. My /boot is on a flash drive, which I verify the checksum of before booting on a secondary PC with similar measures of security. My PC case is secured with a tamper-evident. This is just the physical security that I employ, the software security is about 100x more "autistic"

There are still people on Sup Forums who use Linux? Switch to BSD or go back to Windows already.

Only OpenBSD counts to be fair, FreeBSD doesn't even have ASLR and is vulnerable by default

Reminder that Windows 10 is infinitely more secure than any Linux fork will ever be.

delete this

You might be legally retarded.

This is why an OS made by amateurs will never be worth shit and rise beyond the state of being a joke in the eyes of serious users.

>LINSUCKS IS SECURE THEY SAID

I'll start on the posters

How is this even remotely a good idea?

> Solus

Remember sticky keys?

checkmate

I'm on it boss

What do you have to hide?

>Thinks communism won't fuck you in the ass every single time

top kek

it's not.

The kind of software he's talking about doesn't even run over the OS you retard. I can't fathom being this ignorant yet being so willing to express my opinion on stuff.

Next level Solus shilling.

And it will be patched.
At least these things are found, audited and fixed. Unlike Windows where you just sorta hope things are okay. If you don't think Windows has these sort of vulnerabilities you're fuckin delusional.

>People actually unironically fall for the Linux on desktop meme

For the longest time I thought this was all a big in joke on Sup Forums but then I saw in desktop threads that people actually fucking do it. I couldn't stop laughing for hours.

Why is Sup Forums full of retards like this?

>How does that work?

linux is stuffed with these intentional holes

t. openbsd fag

I would like to hope somebody combed through the source code but knowing how security analysts work, some autismo sperg probably spent days pressing random keys and some shit happened

>pretty slower than GNU+Linux
not really

The MacBook Pro with Retina display does not have this problem.

Enjoy your FBI backdoors my man

>openbsd fag
Wow OpenBSD has internet drivers these days?

sweet

Who cares? They could do the same thing with a live flash drive.

>all those hacker movies where people just randomly type on the keyboard are actually real exploits that were underground top secret and never disclosed to the public

80% probability it was put in by a developer who was worried about forgetting his password so put in their own personal backdoor that they thought nobody would ever find because "who holds an enter key for 70 seconds"

Wait a second.
So it doesn't decrypt the disk? It just gives you a shell?

How is this a bad thing?

I guess the attacker could clone the disk, but with physical access to the machine he could also just take the disk.
Unless there is a super secret reason why he needs to leave the disk/machine behind intact then it's not such a big issue.

Also, bruteforcing the key for an encrypted disk isn't something that will take a short amount of time, so even if someone broke into your house, found out your computer had an encrypted disk, used this, and cloned it, it would be months before they got the data, so they probably wouldn't even bother when they would just end up getting Chinese cartoons.

>using dmcrypt
>it uses SHA1, AES128 and RSA-1086 by DEFAULT
>NOT USING TRUECRYPT
FUCK OP (You) make me CRINGE

Imagine every day shitposting the same fucking
thread.
Every. Fucking. Day.
Imagine every day lurking and having to see the same fucking thread.
Every. Fucking. Day.

Maybe you are butthurt
Maybe you are braindead
Maybe you are a paid shill
Maybe you are 12
Maybe you crave attention
Maybe it's all of those things...

I don't really care but: could you please fucking not?

Please type "sage" in any replies to this thread, it's just mindless chaff awaiting the winnowing basket.

This is hilarious.
But since you have physical access anyway I don't think this is too important.

>Administrator
>not NT-Authority
Plebs, all of you

I guarantee this is going to get patched in a couple of days. But what about exploits on Windows? How many are there really? How do you know if any of them got patched at all?

>DM/Luks once again turns out to be backdoored to hell

not surprised desu. Wasn't there a similar bypass a couple of months ago? By pressing backspace 27 times or something

I'll stick with VeraCrypt thanks

>believing lying clickbait

back to with you

>Linux security

L m a o

it's an intentional backdoor faggots

Too bad LibreSSL has its own share of bugs
that are not present in OpenSSL.

>free software quality