
Submission: 0-Day GRUB2 Authentication Bypass Hits Linux

prisoninmate writes: A zero-day security flaw was discovered by developers Ismael Ripoll and Hector Marco in the upstream GRUB2 packages, which did not correctly handle the backspace key when the bootloader was configured to use password-protected authentication, thus allowing a local attacker to bypass GRUB's password protection. Versions from 1.98 (December, 2009) to 2.02 (December, 2015) are affected. At the moment, it looks like only a few distributions received the patched GRUB2 versions, including Ubuntu, Debian (Squeeze LTS only) and Red Hat Enterprise Linux 7. Arch Linux devs should release a patched GRUB2 version in the next hours.

Comment Re:Rogers is terrible (Score 3, Interesting) 238

I run Cyanogen on my Dream as well, but I got around the data blockage like so:

If you were quick enough to take advantage of the free HTC Magic upgrade they offered, you can just root the Magic and install CursorSense (at least 1.2.1). CursorSense is a mod of the official Rogers firmware, so as far as Rogers is concerned, you have a 'patched' phone, so they re-enable data access on your account. At that point you can switch back to your Dream with full 3G access.

I was without data for about a day (my Magic only arrived Monday, a day after they started blocking data), but since then I've been fine.

Rogers can take their mandatory upgrade and shove it. :p

Comment Re:Too bad "being an asshole" is not a crime (Score 2, Insightful) 498

It's not about PERSONAL harm. It's about professional ethics and legal implications. If you were fired from a company, and subsequently went and posted every password you knew on a forum or email list, you'd be sued or charged in a heartbeat.

This is no different in the least -- even if he was already barred from accessing the system, it was still a random group of people whose authority over him and/or the systems was nonexistent, or questionable at best. If he HAD divulged the passwords in those circumstances, he should have been charged, not the other way around.

Comment Re:Too bad "being an asshole" is not a crime (Score 2, Insightful) 498

No one in the room was in Childs' chain of command. His boss wasn't there, nor was his boss' boss, etc. It was a group of random city employees (city police, HR) and random, unknown people on the other end of a phone.

What authority did anyone there have to order him to divulge passwords?

If someone from HR or Finance, even if they're a VP or C*O, came to me and said "Hand over all the network passwords now.", I'd tell them to fuck off too until someone to whom I report said otherwise.
