|Re: [Hangout-NYLXS] GRUB Vulnerability
> I would like to see you break into a server through Grub's Boot options
> by a network connected machine. THAT is not going to happen.
> I want to see demonstrated that you can have the server turned off, you
> on the networked machine, turn on the server and you connect to the
> server when GRUB kicks in, and then you break into it through GRUB with
> 28 backspace keystrokes on your machine. THAT is not going to happen.
> You need to have physical access to the machine to do this. That makes it
> trivial in trying to get in when you have no keyboard access to the
> machine physically. So again, when you deal with the physical security of
> the machine and no one can have access to it - WHERE'S THE
All that "yelling at me" does is end the conversation in a meaningless way;
it tells me you don't want to talk about it, certainly not with me, and that
you've made up your mind regardless of whatever I might think. It certainly
doesn't feel civil or anything like collaboration.
I've shown is that GRUB2 has network capability, and we know that it had a
password exploit. I don't know if it's possible to exploit the password
entry over the network, but insisting that it's impossible without any
looking into it doesn't seem like the right answer.
hangout mailing list