LUKS mermaids of remote unlock

Filed under
Security

Recently, I’ve browsed several how-tos regarding the possibility of unlocking a LUKS root volume remotely using an SSH connection. For reference, the first of its kind is the one for Debian, published at Coulmann.de. Some of these how-tos were posted to forums and mailing lists and received many thankful comments from sysadmins wondering how to make their encrypted secure setup also easy to administer.

The problem with their approach is simple: they asked how to fix their setup, but forgot to ask what they’re trying to protect. Having your root filesystem on an encrypted disk doesn’t protect you from remote exploitation or credential leaks. It just protects you from the risk of someone being able to access your machine locally and steal your data, or just steal the whole machine altogether. Now, if I were an attacker having access to your hardware locally, I could easily set up a trap for you in less than 5 minutes:



