Log into most any Linux system by hitting backspace 28 times


Security researchers have discovered a ludicrously simple way to hack into a number of Linux distributions: just tap the backspace key 28 times in a row. A team from the Cybersecurity Group at Polytechnic University of Valencia (UPV) in Spain found that doing so on builds using the ubiquitous Grub2 bootloader (that is to say, just about all of them) immediately bypasses the lock screen, launches the “Grub rescue shell” and grants the user access to the system for whatever nefarious things they have in mind.

The team found that the backspace trick triggers a memory error, which in turn launches the rescue shell. The bug isn’t a huge threat — I mean, a hacker would need physical access to your machine in order to exploit it — especially now that Ubuntu, Red Hat, and Debian all have released patches.

Via: Motherboard

Source: Hector Marco, Engadget

DevSecOps?

There is a great deal of confusion among traditional security teams about what DevSecOps means to them. I am sure most of us are catching up with this evolution and this new trend in how we do security in the DevOps world. I am sure there are a lot of discussions happening around this space. Personally, I believe DevSecOps means { Dev="Developers", Sec="Security as Code", Ops="Operations" }. To an extent, security must be automated as controlled gates in the CI/CD process.

Please share your thoughts…