Re: rootkit and 10 minutes ?
On Wed, Oct 02, 2002 at 06:53:29PM +0200, Earl wrote:
> Hi all,
>
> p> BTW, cryptography is not the 100% perfectly final solution. It is a
> p> fairly good protection, in some cases, but nothing more. If someone can
> p> access your laptop during 10 minutes, he can boot on a floppy and put a
> p> rootkit with a keylogger and your encryption is dead...
>
> Good point! The chain is only as strong as the weakest link.....
>
> Can all processes be observed in Linux, or is a rootkit invisible as a
> process? Is a keylogger invisible as a process?
>
> If Linux is not capable of natively showing all running processes, are
> there pgms available which are capable of this?
>
> p> If someone can access your laptop during 10 minutes, he can boot on
> p> a floppy and put a rootkit with a keylogger and your encryption is
> p> dead...
>
> I have heard that physical possession of a Linux computer allows
> anyone to take over as root, etc. It seems to me that this is a huge
> security hole. Can I assume that this is still true in every distro?
...biometric laptops help too...
> Is no one concerned about this problem? Is this an inherent weakness
> of Linux that can not be corrected?
USB key stores (or floppies) with a password-encrypted keyfile to decrypt
your FS are a bit better. Make the kernel prompt for this, not user land. So the
hacker would have to recompile the kernel to get your password/file/key.
Making the "10min" problem a "30-60min" problem.
JLC - participated in too many of the "crypto isn't enough" rants.
--
http://www.certainkey.com
Suite 4560 CTTC
1125 Colonel By Dr.
Ottawa ON, K1S 5B6
C: 613.263.2983
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/