Sounds silly. Because if 1) the attacker has physical access, AND 2) there is no secure/trusted boot in place, then she could ALWAYS deploy an evilmaid attack (just remove the disk), regardless of silly GRUB authentications... #sigh https://twitter.com/josephfcox/status/968503797361315840 …
-
This Tweet is unavailable.
-
Replying to @rootkovska
Physical access comes in various shades. IMHO if we dismiss attacks like this (which take very little time and mean low exposure for attacker) we're close to dismissing workstation locking and really any physical local authentication, aren't we?
1 reply 0 retweets 1 like -
Replying to @mkolsek
Disagree. Workstation locking (aka screen locker) is a valid and important security measure. At first when I saw this I thought it was about screenlocker bypass, which would be a big deal indeed.
1 reply 0 retweets 0 likes -
Replying to @rootkovska @mkolsek
Aside from visible effect of reboot, it's similar to screen locker bypass. Just cut power momentarily then bs bs bs ...
1 reply 0 retweets 0 likes -
Two unrelated points: (1) if you reboot you no longer have immediate access to encrypted fs (you backdoor, wait), so on laptop/desktop screen locker might be more relevant than bootloader password; (2) on some servers bootloader password is relevant to mitigate IP-KVM compromise
1 reply 0 retweets 2 likes
Yep, agree with both. I was thinking of case without encrypted fs or even bootloader pass.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.