If you really must keep up to date . . . .- http://threatpost.com/

On Sun, Dec 7, 2014 at 8:53 PM, William Hermans <[email protected]> wrote:

> BTW, any who cares, Debian is one of the oldest, and most reliable distros
> - period, even it was susceptible to this bash exploit. The only thing you
> can do in any case short of locking this device up in a closet with no
> power is keep up to date with the technology you're using.
>
> A "real hacker" doesn't care about your system only the data it presents
> to him / her. The rest are script kiddies, and generally easy to foil.
>
> On Sun, Dec 7, 2014 at 8:48 PM, William Hermans <[email protected]> wrote:
>
>> You cant apt-get update && apt-get upgrade . . .
>> apt-get install x.y.z, but until you understand the OS *completely*
>> you'll never feel good. Best practices - Only install what you need and
>> completely understand what you install. Anything potentially facing the
>> internet is at risk - period..
>>
>> The long standing bash exploit ( 19+ years ) is a perfect example of
>> that.
>>
>> On Sun, Dec 7, 2014 at 5:02 PM, Robert Nelson <[email protected]>
>> wrote:
>>
>>> On Sun, Dec 7, 2014 at 5:24 PM, Tommi <[email protected]> wrote:
>>> > Hey,
>>> >
>>> > I am using the BBB for backup (via BTSync, this also gives me some
>>> > troubles lately, but that is a different story...). I am thinking of
>>> > bringing the BBB to work (at a university) to get a real off-site
>>> > backup. However, I am not sure what steps I should take in order to
>>> > make sure nobody can access my files there. So my questions are:
>>> >
>>> > 1) What should I do to make sure it is secure? I think I would even be
>>> > happy only to access it via USB and the webserver of BTsync (port 8888)
>>> >
>>> > 2) What services could I shut off? I don't need the GUI, the webserver,
>>> > could probably lock down many ports and other services I do not even
>>> > know that they are currently running...
>>> >
>>> > 3) Potentially I could also hook the BBB to my computer via USB and
>>> > share Internet with it. Would that be a more secure option?
>>>
>>> Just some quick points, as you could spend a lot of time/research into
>>> this topic..
>>>
>>> Physical access = root access... Unless you physically modify the board
>>> with a gallon of hard epoxy and seal it in concrete. ;) The board was
>>> designed for ease of development...
>>>
>>> By default, the bb.org image has root access open (no password)
>>> and ssh on port 22..
>>>
>>> There's a script under:
>>>
>>> /opt/scripts/un-tweak-image/debian-re-secure-root-ssh.sh
>>>
>>> That'll reset root to a password (root) and disable root over ssh.
>>>
>>> Next disable bone101/cloud9 both applications give you root access too. ;)
>>>
>>> BTW, for this project, starting with something really bare bones such as:
>>>
>>> https://eewiki.net/display/linuxonarm/BeagleBone+Black#BeagleBoneBlack-Debian7(smallflash)
>>>
>>> Regards,
>>>
>>> --
>>> Robert Nelson
>>> http://www.rcn-ee.com/
>>>
>>> --
>>> For more options, visit http://beagleboard.org/discuss
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "BeagleBoard" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> For more options, visit https://groups.google.com/d/optout.
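
A check for the two image defaults Robert Nelson names in the thread above (root with no password, root login over ssh), as an added example that is not part of the original thread or of the bb.org scripts. The function names and the sample file contents are constructed for illustration; on the board the inputs would be /etc/shadow and /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example. Files are passed as arguments so the checks can be run
# against copies rather than the live system files.

# Prints "empty", "locked", "set" or "missing" for root's shadow entry.
root_password_state() {
    awk -F: '$1 == "root" {
        found = 1
        if ($2 == "") print "empty"            # no password required
        else if ($2 ~ /^[!*]/) print "locked"  # password login disabled
        else print "set"
    }
    END { if (!found) print "missing" }' "$1"
}

# Prints the first PermitRootLogin value (sshd uses the first occurrence of
# a keyword), or "unset". Match blocks and Include files are not handled.
sshd_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Succeeds only if root has a non-empty password field and the config
# says "PermitRootLogin no" explicitly.
audit() {
    pw=$(root_password_state "$1")
    rl=$(sshd_root_login "$2")
    echo "root password: $pw, PermitRootLogin: $rl"
    [ "$pw" != "empty" ] && [ "$pw" != "missing" ] && [ "$rl" = "no" ]
}

# Constructed sample files (not taken from a real image).
demo_dir=$(mktemp -d)
printf 'root::16411:0:99999:7:::\n' > "$demo_dir/shadow.open"
printf 'root:$6$salt$hash:16411:0:99999:7:::\n' > "$demo_dir/shadow.set"
printf '#PermitRootLogin no\nPort 22\nPermitRootLogin yes\n' > "$demo_dir/sshd.open"
printf 'Port 22\npermitrootlogin No\n' > "$demo_dir/sshd.closed"

audit "$demo_dir/shadow.open" "$demo_dir/sshd.open" || echo "FAIL: open defaults"
audit "$demo_dir/shadow.set" "$demo_dir/sshd.closed" && echo "OK: hardened"
```

Since the script in the thread resets root's password to "root", this check will report "set" afterwards even though the password still has to be changed with `passwd`. On a live system `sshd -T` prints the effective configuration, including values inherited from defaults.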
