Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Harm in using Live - CD

  1. #1
    anantshri is offline on leave from Net Builders : will post rarely
    Join Date
    Apr 2010
    Location
    india
    Posts
    338
    Thanks
    80
    Thanked 47 Times in 40 Posts

    Harm in using Live - CD

    Hi all,

    after collecting all the inputs on innovative usage of Live CD's here I also started thinking in the alternate direction.

    we are collecting all the positive aspects of Live CD.

    But how Live CD could be dangerous.

    Currently i am looking at the security concerns related to Live Cd's.

    I have few idea's in mind which i would like to refine and then present to all.

    in the mean time again i am asking my fellow friends to help me with this study too.

    Please share your thoughts how live CD could be a security concern.
    Last edited by anantshri; 9 May, 2010 at 18:58 PM.

  2. #2
    TopDogger's Avatar
    TopDogger is offline Über Hund
    Join Date
    Jan 2009
    Location
    Hellfire, AZ
    Posts
    3,055
    Thanks
    346
    Thanked 909 Times in 694 Posts
    Are you talking about the security issues with using Live CDs, usability problems with using them, or copyright issues if you distribute them?

    I don't think people understand your question.
    "Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote." -- Benjamin Franklin


  3. #3
    anantshri is offline on leave from Net Builders : will post rarely
    Join Date
    Apr 2010
    Location
    india
    Posts
    338
    Thanks
    80
    Thanked 47 Times in 40 Posts
    Quote Originally Posted by TopDogger View Post
    Are you talking about the security issues with using Live CDs, usability problems with using them, or copyright issues if you distribute them?

    I don't think people understand your question.

    Ohk seems like i got carried away and didn't explained it too well...


    Currently i am looking at the security concerns related to Live Cd's.

    I will update the top post.

  4. #4
    garfish's Avatar
    garfish is offline I'm Not Sure.
    Join Date
    May 2009
    Posts
    848
    Blog Entries
    12
    Thanks
    155
    Thanked 57 Times in 54 Posts
    i don't see any harm using live CDs except that your settings will just be temporary and will disappear after rebooting. so if i just want to try the derivative for awhile, installing it frugally is the best option.

  5. #5
    Will.Spencer's Avatar
    Will.Spencer is offline Retired
    Join Date
    Dec 2008
    Posts
    5,033
    Blog Entries
    1
    Thanks
    1,010
    Thanked 2,329 Times in 1,259 Posts
    A live CD could theoretically contain a trojan which could bypass all security on unencrypted Unix and Windows partitions. It could steal data or install trojans on those partitions.
    Submit Your Webmaster Related Sites to the NB Directory
    I swear, by my life and my love of it, that I will never live for the sake of another man, nor ask another man to live for mine.

  6. #6
    anantshri is offline on leave from Net Builders : will post rarely
    Join Date
    Apr 2010
    Location
    india
    Posts
    338
    Thanks
    80
    Thanked 47 Times in 40 Posts
    Quote Originally Posted by Will.Spencer View Post
    A live CD could theoretically contain a trojan which could bypass all security on unencrypted Unix and Windows partitions. It could steal data or install trojans on those partitions.
    That is something i was looking for....


    care to share how this could be possible.

  7. #7
    Will.Spencer's Avatar
    Will.Spencer is offline Retired
    Join Date
    Dec 2008
    Posts
    5,033
    Blog Entries
    1
    Thanks
    1,010
    Thanked 2,329 Times in 1,259 Posts
    Quote Originally Posted by anantshri View Post
    That is something i was looking for....
    care to share how this could be possible.
    How could it not be possible? The boot CD would just need drivers to talk to the hard drive and to the selected filesystems (NTFS, EXT4, etc...).

    The boot CD could then copy whatever it wanted to the hard drive, including configuring the trojans to be started on the host operating systems at boot time.

    Ever used Darik's Boot and Nuke? Imagine an evil version of that?
    Submit Your Webmaster Related Sites to the NB Directory
    I swear, by my life and my love of it, that I will never live for the sake of another man, nor ask another man to live for mine.

  8. Thanked by:

    anantshri (11 May, 2010), garfish (10 May, 2010)

  9. #8
    anantshri is offline on leave from Net Builders : will post rarely
    Join Date
    Apr 2010
    Location
    india
    Posts
    338
    Thanks
    80
    Thanked 47 Times in 40 Posts
    Quote Originally Posted by Will.Spencer View Post
    How could it not be possible? The boot CD would just need drivers to talk to the hard drive and to the selected filesystems (NTFS, EXT4, etc...).

    The boot CD could then copy whatever it wanted to the hard drive, including configuring the trojans to be started on the host operating systems at boot time.

    Ever used Darik's Boot and Nuke? Imagine an evil version of that?
    Thanks for the explanation will.

    Alright now its getting interesting so let me share what i have already thought about on this issue.

    Live CD could by itself act as a Trojan or virus.
    one case explained by Will

    now comes the question how could a seemingly plain looking live cd cause damage.
    so lets assume a case.

    What i want to do : I want to install ubuntu.

    what i will do : I will go to ubuntu.com and download a copy of the latest CD and install it on my PC.
    another option is if my bandwidth is low then i can get it from my "friend".

    Now what can happen :
    1. Suppose the copy provided by friend can contain a simple script inserted inside to execute at specific time informing the owner about the machine as well as providing a back door entry.

    2. suppose the copy was downloaded from ubuntu.com -> people tend to believe the source.
    But lets assume some is hell bent to change this and consider DNS poisoning in the equation and you can very well understand that exact clone of ubuntu but giving a very different cd image to users.


    Besides all this now a days people consider the Live CD's are good for net banking and other sensitive data. they rely so much that the keep forgetting about Man in the Middle attacks.

    these are few of my thoughts

    lets see what others can comeup with.

    and then i will think about ways to prevent it.

  10. #9
    javanx3d's Avatar
    javanx3d is offline Net Builder
    Join Date
    May 2009
    Location
    Germany
    Posts
    916
    Blog Entries
    1
    Thanks
    237
    Thanked 237 Times in 164 Posts
    You could expand the scope to security issues with all portable media...the only way to be fully secure against potential exploits on them is to disallow use, remove or disable the drive/USB/Firewire ports on the computer...but then that's not very usable is it?

  11. #10
    anantshri is offline on leave from Net Builders : will post rarely
    Join Date
    Apr 2010
    Location
    india
    Posts
    338
    Thanks
    80
    Thanked 47 Times in 40 Posts
    Quote Originally Posted by javanx3d View Post
    You could expand the scope to security issues with all portable media...the only way to be fully secure against potential exploits on them is to disallow use, remove or disable the drive/USB/Firewire ports on the computer...but then that's not very usable is it?

    No i am not asking everyone to stop using any or very thing.

    what i want to say is every coin has two faces.

    people in this case only focus on the happy face of live cd's i wanted to collect what could be the bad face of live cd or let it be any live media be it live cd live dvd or live usb.

Page 1 of 2 12 LastLast

Similar Threads

  1. Where do you live?
    By Snobothehobo in forum General Chat
    Replies: 15
    Last Post: 30 June, 2010, 15:49 PM
  2. Where would you like to live?
    By Coelho in forum General Chat
    Replies: 2
    Last Post: 20 June, 2010, 05:39 AM
  3. DomainStryker.com is live!!!
    By wannadevelop in forum Domaining
    Replies: 6
    Last Post: 25 November, 2009, 04:14 AM
  4. How old you want to live?
    By DotComBum in forum General Chat
    Replies: 23
    Last Post: 26 August, 2009, 09:45 AM
  5. Replies: 1
    Last Post: 31 January, 2009, 13:59 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •