Posts

Showing posts with the label security

Whoops! Gain root in Ubuntu recovery mode

In the Live-CD/USB install of the popular Ubuntu and its derivatives, the installer easily automates the encryption of home folders - a good feature for security, especially on a laptop. Should your laptop ever get stolen, the thieves won't be able to pull the hard drive out of your computer and be able to grab your personal information off of it. At least, in theory. Ubuntu and its derivatives by default do not give the root user a password, instead relying on the sudo command to perform tasks as an administrator. There are obvious benefits to this (a quick Google will give you a list), however this leaves open a massive loophole which effectively undermines any hard drive encryption. Without an explicit root password, a simple reboot of the computer into recovery mode will automatically boot into single user mode - as root. HDD encryption only works to keep people who cannot log into your system from viewing your files. As soon as someone is able to boot the system and log i