FreeMoney (OP)
Legendary
Offline
Activity: 1246
Merit: 1014
Strength in numbers
|
|
June 22, 2011, 05:30:21 AM |
|
Is this something that can be bypassed? Would you leave an unencrypted wallet behind it?
And while we're talking about it. If I don't browse to anything the least bit shady I'm not going to get a 'buntu worm guaranteed, right?
|
Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
|
|
|
|
|
|
|
|
Once a transaction has 6 confirmations, it is extremely unlikely that an attacker without at least 50% of the network's computation power would be able to reverse it.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
hugolp
Legendary
Offline
Activity: 1148
Merit: 1001
Radix-The Decentralized Finance Protocol
|
|
June 22, 2011, 06:13:01 AM |
|
Is this something that can be bypassed? Would you leave an unencrypted wallet behind it?
And while we're talking about it. If I don't browse to anything the least bit shady I'm not going to get a 'buntu worm guaranteed, right?
I dont think its Ubuntu specific. The user/password part is part of linux (kernel).
|
|
|
|
FreeMoney (OP)
Legendary
Offline
Activity: 1246
Merit: 1014
Strength in numbers
|
|
June 22, 2011, 08:29:32 AM |
|
Is this something that can be bypassed? Would you leave an unencrypted wallet behind it?
And while we're talking about it. If I don't browse to anything the least bit shady I'm not going to get a 'buntu worm guaranteed, right?
I dont think its Ubuntu specific. The user/password part is part of linux (kernel). Does that mean it's really strong? Like if I forget the pass I'm locked out of my data for good or someone could conceivably get in?
|
Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
|
|
|
Michael
Newbie
Offline
Activity: 21
Merit: 0
|
|
June 22, 2011, 08:56:10 AM |
|
If you have not encrypted your home directory, then no your login is insufficient to protect anything. An attacker, once they have your computer, can remove the hard drive, mount it on an other computer, and get whatever they want.
If you have encrypted your home directory, then, I'm unsure. Seriously, I don't know. I don't know enough about how Ubuntu does home directory encryption. However, I would guess that it would be enough.
|
|
|
|
861362
Newbie
Offline
Activity: 11
Merit: 0
|
|
June 22, 2011, 12:57:41 PM |
|
There's not even any need to pull the disk. Without any encryption it is trivial to boot into the root account, change any password, collect any files, install any software, and put the passwords back when you're done if you want.
With home directory encryption your personal files would be safe, nobody is going to get access to those unless they have your password. Of course, if they have repeated physical access while it's in you possession they could boot into the root account and install a key-logger.
You don't have to browse shady things to be a potential target. For example, compromised ad servers can push attacks across many popular respectable sites.
There are no guarantees, just levels of confidence.
|
|
|
|
kokjo
Legendary
Offline
Activity: 1050
Merit: 1000
You are WRONG!
|
|
June 22, 2011, 01:04:52 PM |
|
when you bootup, you press escape, you get to grub. and from there you can bypass whole the boot process.
of couse you can have encrypted homedirs, with ecryptfs
|
"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
|
|
|
kokjo
Legendary
Offline
Activity: 1050
Merit: 1000
You are WRONG!
|
|
June 22, 2011, 01:07:11 PM |
|
There's not even any need to pull the disk. Without any encryption it is trivial to boot into the root account, change any password, collect any files, install any software, and put the passwords back when you're done if you want.
With home directory encryption your personal files would be safe, nobody is going to get access to those unless they have your password. Of course, if they have repeated physical access while it's in you possession they could boot into the root account and install a key-logger.
You don't have to browse shady things to be a potential target. For example, compromised ad servers can push attacks across many popular respectable sites.
There are no guarantees, just levels of confidence.
you could also do some of the coldboot voodoo, reading from coldbooted ram attacks, to get the password.
|
"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
|
|
|
FreeMoney (OP)
Legendary
Offline
Activity: 1246
Merit: 1014
Strength in numbers
|
|
June 22, 2011, 07:16:58 PM |
|
I had a feeling it wasn't that secure, but it almost seems pointless (er, I guess I couldn't have gotten into someones computer).
Thanks all.
|
Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
|
|
|
kokjo
Legendary
Offline
Activity: 1050
Merit: 1000
You are WRONG!
|
|
June 22, 2011, 07:22:55 PM |
|
I had a feeling it wasn't that secure, but it almost seems pointless (er, I guess I couldn't have gotten into someones computer).
Thanks all.
it is secure if you encrypt the home dir
|
"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
|
|
|
|