A group of Spanish researchers has uncovered a long-standing vulnerability in Linux that pressing the backspace key 28 times will bypass the login screen on some Linux distros.
Advertisement
Josh Norman, Panthers CB, fined 044 by NFL
In a game against the Buffalo Bills, video appeared to show Beckham throwing a punch at a Bills player after getting blocked. Irvin confirmed that Panthers players were directing slurs toward Beckham and said it’s not the first time.
Two researchers from the Cybersecurity Group at Spain’s Polytechnic University of Valencia published a paper that reveals just how easy it is to gain access to many Linux systems. After hitting the backspace key 28 times, the Linux system would return a critical error which initiates the GRUB rescue shell. Ubuntu, Red Hat, and Debian have all issued patches to fix it as well.
Arsene Wenger says Louis Van Gaal treatment unfair
What do you think that happens with my wife? “So you think that I want to talk with the media now”. This has not been a good season for Louis Van Gaal and Manchester United .
As an open source operating system, Linux is considered much more secure than other OS’s like Windows or Mac OS.
Palestinian attackers killed, 2 Israelis die in Jerusalem
A police spokesperson said the incident occurred in the afternoon near the Old City’s Jaffa Gate, a popular tourist spot. Most have taken place around the Damascus Gate, the main entrance to the Old City’s Muslim quarter.
As reported by PC World, the bootloader is used to initialize a Linux system at start and uses a password management system to protect boot entries – which not only prevents tampering but also can be used to disable peripheries such as CD-ROMs and USB ports.
Vulnerable versions of the Grub2 loader date back as far as 2009 until present. They have assured the users that this activity would have to be done on individual machines and cannot launch an infection over the internet in general.
To check the status of your system, simply press the Backspace key 28 times when Grub asks your user name.
Hackers who successfully exploit this can get access to a Grub rescue shell, a very powerful shell which can give them “full access to the grub’s console”. Researchers have described a scenario in which an advanced persistent threat (APT) actor or malicious insiders exploit the vulnerability to plant a piece of malware that can be used to spy on the victim or steal sensitive information even if it is in encrypted format. Attackers can overwrite the disk, causing denial of service. Using this shell’s commands, an attacker can rewrite the Grub2 code loaded in RAM to completely bypass the authentication check.
While there is an emergency patch available on Github for Linux users, the main vendors have been made aware of this security flaw.
Advertisement
When a computer is turned on, the bootloader loads first and then the operating system.
