On Sat, 16 Dec 2006, Patrick wrote:
> spammailme@gmail.com wrote:
> > All -
> >
> > I was wondering ideas on how to gain control of linux boxes with physical
> > access to them in the hosting facility.
> >
> > The owner has code on them yet never bothered monitoring or gaining root
> > access and her developers are blackmailing her. She has access the the
> > hosting facility and the servers and backup staff yet needs to regain
> > control of the servers.
>
> If she has physical access, then she does not need anything else
> (other than a competent Linux person).
As a note... today statements such as (as I used to make as well) "once
you have physical access, the game is lost" are no longer true.
I divide them today by:
1. Limited-time physical access (implies #3 below).
2. Full physical access (take the machine apart).
and, if you like;
3. Surface physical access (touch the machine, don't disturb it inside the
box or power supply).
The difference is between using a USB drive to attack the machine when you
pass it by or clean the desk, to taking it apart and mounting the hard
drive to on separate box.
Using a boot disk is somewhere in the middle, which I consider #2 above
due to power-off/boot.
Gadi.
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
|