maxxcool wrote: http://lifehacker.com/you-can-break-into-a-linux-system-by-pressing-backspace-1748370796
In order to exploit this bug, you need to be sitting at the keyboard as the system is booting up. While it's a pretty serious "D'oh!" moment (and if you know C and look at the code in question it is hard to believe that this made it into the official GRUB code base), it is nowhere near being the security apocalypse that some are portraying it as. The potential for remote exploits based on this is essentially zero, unless you've got servers with remote management (IPMI or Ethernet KVM) ports connected to a network which has already been compromised (in which case you're screwed regardless).
whm1974 wrote: That problem has already been fixed. And no OS is hack-proof.
It's a little disingenuous to say it has "already been fixed" though. Yes, the upstream code has been patched. But there are millions of devices out there still running the bad code, many of which will probably never be patched. The reason it isn't "that bad" is as I noted above, not the fact that it has already been patched.