• Please review our updated Terms and Rules here

Too secure, or very smart?

E

evildragon

Veteran Member
Joined
May 29, 2007
Messages
1,646
Location
Tampa Florida
I got this friend, whom I went to her house yesterday to pull a prank on her, via her computer. (she wasn't home.)

The prank itself won't be mentioned, because some of you may think it's harsh, while me and her know it would have been a funny prank.

Mainly, I tried to boot her computer (mind you, she's a hard core *nix user), and it just wouldn't boot. Kept getting "INVALID BOOT DISK". Surely her computer works? I've always seen it powered on.

So, I pop in my linux live CD, and notice that her HD is working perfectly fine, but has no boot loader on it!

She comes home, and I just surprise her from being there, and behold, she plugs in a flash stick into the computer, turns on the computer, a boot loader loads FROM the flash stick, and then the computer boots from the internal HD.

So, what she did, was put the boot loader on the external USB flash drive!

Either that is too secure, or just very damn clever? What do you think about that?
 
Heh. At least it prevented you from easily fooling around. I suppose it would also be useful against boot sector viruses and malware. Even better if she has a rather large Flash-type memory and could contain a whole installation, preferrably hardware independant (within modern X86). Then she could take her "computer" almost anywhere. Use two memory sticks, one for the system and one for personal data and you're ready to go.

From a cracker or leecher's perspective, a hard disk-less computer is also desireable in case the police gets on your heels and has a search warrant in your house. They will find your computer, but no evidence of your data. The hard core people will not even consider removeable media, but store all their personal data only on a secure server somewhere else, perhaps fragmented on many places. Use a disposeable Flash memory only to boot the operating system, and of course do all your business online via an encrypted connecton etc.

Oh well, this got out of hand. I'm not accusing your friend for doing any illegal business, just trying to come up with reasons why you would not want to use any hard disk.
 
As long as she has a backup (You know, in case the thumbdrive dies or snaps in half or something) it sounds like an awesome setup! I've heard of doing this w/ floppies but a thumbdrive would be perfect!
 
atari2600a said:
As long as she has a backup (You know, in case the thumbdrive dies or snaps in half or something) it sounds like an awesome setup! I've heard of doing this w/ floppies but a thumbdrive would be perfect!
Click to expand...
In the past, I think I might have did this with a floppy. (i remember trying to dual boot with linux and windows one time and just decided to put LILO on a floppy)..

But she has the whole boot loader on a flash stick.. And the flash stick still acts as her portable data stick too.. It's an old memorex, 32MB stick, USB 1.1..

I think she should upgrade the stick though, i use a Sandisk 1.0GB Cruzer Micro and do boot DOS on it for old DOS games.. But she, boots her whole computers bootloader, and then boots to her computers internal HD. (which is SATA I think)...
 
I'm surprised it fooled me at all, I've always knew you could boot to USB devices.

I just never thought I'd see it done to Linux, and in practice.
 
That's too cool, how she did that! You still were able to get to her harddrive and data, though, so it was only a speedbump if she was really trying to secure it. It would have fooled, say, a computer illiterate burglar if he got the machine.

And yeah, Linux can *DO* that!
 
Yep, not much added security except, I suppose, I never run over to a friend's house with a linux live cd in my hand. Still, takes about 5 seconds with a boot cd. Not that hard to "hand code" the lines in grub to bring up her hard drive. I do it all the time because I am too lazy to keep combining the grub boot files from several partitions.
 
It's sort of a security through obscurity trick vs anything real. Yes it'll keep someone who doesn't know how to boot linux from a disk out but everyones correct that no real security is added. If you have your own bootable linux distro on usb, cd, floppy you can still access all the data on her drive unless she has it encrypted.

It also doesn't keep her safe from mbr viruses or anything. Most viruses copy the current MBR to another location (unused sector towards end of disk), put themselves at MBR location then your computer boots, it WILL see bootable code at the beginning of the drive, runs it then the virus jumps you to the old code resulting in the old error code. Although yes, I suppose (as I wrote this) if she ALWAYS boots off of USB *BEFORE* harddrive she'd bypass that for the most part. If it's misconfigured (sort of funny) it could try floppy, cd, hd, then usb.

Anyway, pretty old school mindset though. The disadvantage is if the power goes out or the system reboots it won't come back up. But between that and having syslog log over serial to another computer (or even older school and more expensive having syslog output to a printer) are things we don't see too often anymore.

- J
 
I'm at her house right now.. this is what her BIOS says..

1st Boot Device: USB-HD
2nd Boot Device: Disabled
3rd Boot Device: Disabled
Boot Other Device: No
 
Speaking of dead horses....


All goes to prove the importance of physically securing your servers!!
 
Absolutely. (And good to see the boot order is right).

You can have a wonderful 1024 character password but if I can still boot your system with external media that fits wonderfully in my pocket (or even in my watch http://www.thinkgeek.com/gadgets/watches/9771/) and overwrite your hash with mine then it's not secure. Physical security tends to be a hugely accidentally weak point for many data centers and buildings.

I won't preach here since it has nothing to do with this forum but just wanted to raise awareness (actually I think I'm required to as an acting board member somewhere in the ISSA bylaws lol).

- John
 
..although I guess I should question your ability to gain access to her house so darn easily j/k
 
I got access to her house via her key ;) (we're best friends, we shared each others keys)..

Her home folder was encrypted.. I checked it, I can't access anything in it.
 
barythrin said:
It's sort of a security through obscurity trick vs anything real. Yes it'll keep someone who doesn't know how to boot linux from a disk out but everyones correct that no real security is added. If you have your own bootable linux distro on usb, cd, floppy you can still access all the data on her drive unless she has it encrypted.

It also doesn't keep her safe from mbr viruses or anything. Most viruses copy the current MBR to another location (unused sector towards end of disk), put themselves at MBR location then your computer boots, it WILL see bootable code at the beginning of the drive, runs it then the virus jumps you to the old code resulting in the old error code. Although yes, I suppose (as I wrote this) if she ALWAYS boots off of USB *BEFORE* harddrive she'd bypass that for the most part. If it's misconfigured (sort of funny) it could try floppy, cd, hd, then usb.

Anyway, pretty old school mindset though. The disadvantage is if the power goes out or the system reboots it won't come back up. But between that and having syslog log over serial to another computer (or even older school and more expensive having syslog output to a printer) are things we don't see too often anymore.

- J
Click to expand...

well with a floopy couldnt you set it to read only via bios, so that a virus could not be written?
 
barythrin said:
Absolutely. (And good to see the boot order is right).

You can have a wonderful 1024 character password but if I can still boot your system with external media that fits wonderfully in my pocket (or even in my watch http://www.thinkgeek.com/gadgets/watches/9771/) and overwrite your hash with mine then it's not secure. Physical security tends to be a hugely accidentally weak point for many data centers and buildings.

I won't preach here since it has nothing to do with this forum but just wanted to raise awareness (actually I think I'm required to as an acting board member somewhere in the ISSA bylaws lol).

- John
Click to expand...

lol, well some of us that do physical secruity do it trickier, when im gone for more than a day, i take my HD out, put it in a static bag, stash it in the closet under a box of old jeans, then pad lock the case, and flip a kill switch i sodered internally to the PSU :D
 
You must log in or register to reply here.
Back
Top