Thanks for your suggestions. I will look more into it. I am aware that full security is not achievable, I wanted more to make sure that there is no super easy way in where everyone could just see whatever they want to.
Also that was my point about removing/disabling unused features. Then I do not need to keep them up to date when they are not present any more.

Thanks!
Tommi

On Sunday, December 7, 2014 11:08:22 PM UTC-5, William Hermans wrote:
> and . . .
> http://goto.fail/blog/2014/11/25/at-and-t-u-verse-vap2500-the-passwords-they-do-nothing/
>
> Some ppl just don't "get it".
>
> Anyway, the moral of my long winded story ? If you do not trust it, do
> some research on your own . . .
>
> On Sun, Dec 7, 2014 at 9:03 PM, William Hermans wrote:
>
>> If you really must keep up to date . . . .- http://threatpost.com/
>>
>> On Sun, Dec 7, 2014 at 8:53 PM, William Hermans wrote:
>>
>>> BTW, any who cares, Debian is one of the oldest, and most reliable
>>> distros - period, even it was susceptible to this bash exploit. The only
>>> thing you can do in any case short of locking this device up in a closet
>>> with no power is keep up to date with the technology you're using.
>>>
>>> A "real hacker" doesn't care about your system only the data it presents
>>> to him / her. The rest are script kiddies, and generally easy to foil.
>>>
>>> On Sun, Dec 7, 2014 at 8:48 PM, William Hermans wrote:
>>>
>>>> You cant apt-get update && apt-get upgrade . . .
>>>> apt-get install x.y.z, but until you understand the OS *completely*
>>>> you'll never feel good. Best practices - Only install what you need and
>>>> completely understand what you install. Anything potentially facing the
>>>> internet is at risk - period..
>>>>
>>>> The long standing bash exploit ( 19+ years ) is a perfect example of
>>>> that.
>>>>
>>>> On Sun, Dec 7, 2014 at 5:02 PM, Robert Nelson wrote:
>>>>
>>>>> On Sun, Dec 7, 2014 at 5:24 PM, Tommi wrote:
>>>>> > Hey,
>>>>> >
>>>>> > I am using the BBB for backup (via BTSync, this also gives me some troubles
>>>>> > lately, but that is a different story...). I am thinking of bringing the BBB
>>>>> > to work (at a university) to get a real off-site backup. However, I am not
>>>>> > sure what steps I should take in order to make sure nobody can access my
>>>>> > files there. So my questions are:
>>>>> >
>>>>> > 1) What should I do to make sure it is secure? I think I would even be happy
>>>>> > only to access it via USB and the webserver of BTsync (port 8888)
>>>>> >
>>>>> > 2) What services could I shut off? I don't need the GUI, the webserver,
>>>>> > could probably lock down many ports and other services I do not even know
>>>>> > that they are currently running...
>>>>> >
>>>>> > 3) Potentially I could also hook the BBB to my computer via USB and share
>>>>> > Internet with it. Would that be a more secure option?
>>>>>
>>>>> Just some quick points, as you could spend a lot of time/research into
>>>>> this topic..
>>>>>
>>>>> Physical access = root access... Unless you physically modify the board
>>>>> with a gallon of hard epoxy and seal it in concrete. ;) The board was
>>>>> designed for ease of development...
>>>>>
>>>>> By default, the bb.org image has root access open (no password)
>>>>> and ssh on port 22..
>>>>>
>>>>> There's a script under:
>>>>>
>>>>> /opt/scripts/un-tweak-image/debian-re-secure-root-ssh.sh
>>>>>
>>>>> That'll reset root to a password (root) and disable root over ssh.
>>>>>
>>>>> Next disable bone101/cloud9 both applications give you root access too.
>>>>> ;)
>>>>>
>>>>> BTW, for this project, starting with something really bare bones such
>>>>> as:
>>>>>
>>>>> https://eewiki.net/display/linuxonarm/BeagleBone+Black#BeagleBoneBlack-Debian7(smallflash)
>>>>>
>>>>> Regards,
>>>>>
>>>>> --
>>>>> Robert Nelson
>>>>> http://www.rcn-ee.com/
>>>>>
>>>>> --
>>>>> For more options, visit http://beagleboard.org/discuss
>>>>> ---
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "BeagleBoard" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to [email protected].
>>>>> For more options, visit https://groups.google.com/d/optout.
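
The image defaults described in the quoted reply (root with no password, root login over SSH) can be checked offline against copies of the two files involved. This is an added example, not part of the thread or of the bb.org scripts; the function names and the sample file contents are constructed, and `/etc/ssh/sshd_config` and `/etc/shadow` are assumed to be the files passed in on a real board.

```shell
# Added example (not from the thread): audit copies of sshd_config and shadow.
# sshd_value FILE KEY: first value of an sshd_config keyword (sshd uses the
# first occurrence; keywords are case-insensitive). Simplification: the scan
# stops at the first Match block and does not evaluate it.
sshd_value() {
    awk -v key="$2" '
        $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# root_pw_state FILE: empty, locked (! or * prefix), set, or missing.
root_pw_state() {
    awk -F: '
        $1 == "root" {
            found = 1
            if ($2 == "") print "empty"
            else if ($2 ~ /^[!*]/) print "locked"
            else print "set"
            exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

flag() { echo "$1"; findings=$((findings + 1)); }

# audit_root_access SSHD_CONFIG SHADOW: prints findings, returns their count.
audit_root_access() {
    findings=0
    prl=$(sshd_value "$1" PermitRootLogin)
    if [ "$(root_pw_state "$2")" = "empty" ]; then flag "FAIL: root has no password"; fi
    case "$prl" in
        no) ;;
        "") flag "WARN: PermitRootLogin unset, default depends on OpenSSH version" ;;
        *)  flag "FAIL: PermitRootLogin $prl still permits root over SSH" ;;
    esac
    if [ "$(sshd_value "$1" PermitEmptyPasswords)" = "yes" ]; then
        flag "FAIL: PermitEmptyPasswords yes"
    fi
    return "$findings"
}

# Constructed sample input modelled on the defaults described in the thread.
tmp=$(mktemp -d)
printf 'Port 22\nPermitRootLogin yes\nPermitEmptyPasswords yes\n' > "$tmp/sshd_config"
printf 'root::16411:0:99999:7:::\n' > "$tmp/shadow"
audit_root_access "$tmp/sshd_config" "$tmp/shadow" || echo "findings: $?"
rm -rf "$tmp"
```

Running the same check before and after the re-secure script shows whether both defaults were actually closed; it does not cover bone101/cloud9, which still have to be disabled separately.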
