Confused about the security of ubuntu (Linux)

Question

Assume I have a laptop with ubuntu installed and two users abc and root. Both users are password protected. It is possible to reset root password using live CD or USB using chroot which would mean that if someone stole my laptop or held it for sometime, he could reset my user password and get all my information.

If it is possible then how secure is ubuntu and how secure are my files and information?

Even BIOS firmware can be flashed in case I protect it with password.

If you take a look at this question: How do I reset a lost administrative password? you will see that it's not difficult to reset the password or get information off a machine if someone has physical access to it. If you have physical access there is very little to stop someone removing the hard drive plugging it in to another machine and copying all the data for example. If you have data you need to keep secure consider encrypting particular files or directories. — Warren Hill, Aug 07 '14 at 15:54
and in case someone states to use a BIOS password: those are weak too since all of those have defaults passwords that always work... — Rinzwind, Aug 07 '14 at 16:24
possible duplicate of No user name/password required when exploring from live USB? — Eliah Kagan, Apr 07 '15 at 03:23

score 2 · Accepted Answer · answered Aug 07 '14 at 16:21

This is actually OS independent. If an attacker has physical access to your machine, then that machine is compromised. Period. This has nothing to do with what operating system you are using, it is true for all of them.

The only way to protect yourself from that (and it is also imperfect) is to encrypt your data. User passwords fail miserably since, as you point out, it is trivial to boot into a different system. When that happens, your data is under the control of this other OS, and the user passwords of your original system are completely irrelevant.

Confused about the security of ubuntu (Linux)

1 Answers1