Language Selection

English French German Italian Portuguese Spanish

LUKS mermaids of remote unlock

Filed under
Security

Recently, I’ve browsed several how-to’s regarding the possibility of unlocking a LUKS root volume remotely using an SSH connection. For reference, the first of its kind is the one for Debian, published at Coulmann.de. Some of these how-to’s were posted to forums and mailing-lists and received many thankful comments from sysadmins wondering how to make their encrypted secure setup also easy to administrate.

The problem with their approach is simple: they asked how to fix their setup, but forgot to ask what they’re trying to protect. Having your root filesystem on an encrypted disk doesn’t protect you from remote exploitation or credential leaks. It just protects you from the risk of someone being able to access your machine locally and steal your data, or just steal the whole machine altogether. Now, if I were an attacker having access to your hardware locally,

I could easily setup a trap for you in less than 5 minutes:




More in Tux Machines

Head 2 Head: Android OS vs. Chrome OS

A large part of Google’s OS success hasn’t been because of its awesomeness. No. Frankly, we think nothing speaks louder than the almighty dollar in this world. But both are “free,” right? So this is tie? Not really. Although Android is technically free since Google doesn’t charge device makers for it, there are costs associated with getting devices “certified.” Oh, yeah, and then there’s Apple and Microsoft, both of which get healthy payouts from device makers through patent lawsuits. Microsoft reportedly makes far more from Android sales than Windows Phone sales. You just generally don’t see the price because it’s abstracted by carriers. Chrome OS, on the other hand, actually is pretty much free. A top-ofthe-line Chromebook is $280, while a top-of-the-line Android phone full retail is usually $600. We’re giving this one to Chrome OS because if it’s generally cheaper for the builder, it’s cheaper for you. Read more

Kodi (XBMC Media Center) 14.2 Officially Released, Kodi 15 “Isengard” Is On Its Way

The Kodi development team, through Nathan Betzen, had the pleasure of announcing today, March 28, the immediate availability for download of the second and last maintenance release for Kodi 14 (codename Helix), before they continue with the development cycle for the upcoming release, Kodi 15, dubbed Isengard. Read more

Debian 8 Jessie Installer Now Supports Running a 64-bit Linux Kernel on a 32-bit EFI

The Debian Installer team had the pleasure of announcing on March 27 that the second Release Candidate (RC) version of the Debian 8.0 "Jessie" installer is now available for download and testing. The RC2 version of the installer brings a great number of improvements and fixes. Read more

First Look at GNOME 3.16

The highly anticipated GNOME 3.16 desktop environment for Linux kernel-based operating systems has been announced on March 26, 2015, and has been declared by the GNOME development team as the best GNOME release yet. Of course, we wanted to give GNOME 3.16 desktop environment a try and see for ourselves the new features, apps, and improvements. Read more