From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 6C1911396D9 for ; Wed, 8 Nov 2017 06:03:02 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id A814FE0EC3; Wed, 8 Nov 2017 06:02:57 +0000 (UTC) Received: from mail-yw0-x241.google.com (mail-yw0-x241.google.com [IPv6:2607:f8b0:4002:c05::241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 44884E0EA5 for ; Wed, 8 Nov 2017 06:02:57 +0000 (UTC) Received: by mail-yw0-x241.google.com with SMTP id u142so1412102ywg.4 for ; Tue, 07 Nov 2017 22:02:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:from:to:references:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding; bh=qYEQVkWkWbm5vcNKmdagAJOSDlStKXpGYvEODyMetWg=; b=s6FKOvPqimpa3XgwM97UTLj7fqGkQUbAmD+PIYF0M3757pJdWXeK3W3+nc5j3XTl9J tgd+Ns2aMb8AhhDXRArlHPJvZwIrHeawczP8xAybn04TylITyw5nwoEpldUH/Oi7Obwr QAV4bEuJk/io0b76LQRg69GfC8eHzrWonuK+2XAoQx9YO6rp1zulKZW+OIN1punqL4an GyQsC7peMjRo4bWcS5G04uHAL4oGEO1lOvrm/Wl0EZNuU1Pt6huT9MltfAORnl6OcJ1f 8RgqN5BV7MjiBo+6Xx3EoNis9lLHV61Wp3a3lGjT+BJR2NyPoa6eFUdSbxbrbu/WO8eu mXfw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:from:to:references:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=qYEQVkWkWbm5vcNKmdagAJOSDlStKXpGYvEODyMetWg=; b=gV0QvlSSRuejIGxH2IKT4Gg3zQNow8KWwVGspb5+h4Y0kdzmVomwVOT9vDNn6efwiP ltYkL8JSM7aqfRuu3mWR1S0tzfUttxr6yl+0699u3j/1tU394WUCPR6nMv1fFuYA0JWy X9d9Z9grLGZtFQx6UM6xh7m69JcBOIU62O54HI7N/0z35ymjivvFOhFVskO1K8BXYjoh bjPxB1ueJLM65F3U+vaKN0olhg4EDxFo9giim1nWJV1Ra+D2rxrlQlZBd1fOs+FoHB+a j1WL5C/RS2gz9sayNXlhXvhGdz0gJf6M6IHuWDHnt6wyTe+do+AUxS1WSfDV20KkfthD GTqA== X-Gm-Message-State: AJaThX7AvvhSM2WZVrl6vtZ9xjIDb+LUUkkeRO8omxnQrNZMEHgJNk7d 6HhK8jT1ITaCtZyXquWHugQ= X-Google-Smtp-Source: ABhQp+Qf4ioeeu4cUe9cdocHvrYGsJxUbW+xe4fMxotCtthYK707mTDKISSKspzqK71KZhEjw00oIQ== X-Received: by 10.37.43.70 with SMTP id r67mr722833ybr.78.1510120976303; Tue, 07 Nov 2017 22:02:56 -0800 (PST) Received: from [192.168.2.5] (adsl-74-240-55-63.jan.bellsouth.net. [74.240.55.63]) by smtp.gmail.com with ESMTPSA id e203sm1635975ywb.97.2017.11.07.22.02.54 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 07 Nov 2017 22:02:55 -0800 (PST) Subject: Re: [gentoo-user] Linux USB security holes. From: Dale To: gentoo-user@lists.gentoo.org References: <65c1af14-a224-4c9f-1ca8-eca4ccc71d0f@gmail.com> Message-ID: <3cd9d629-8be8-4b5d-b702-912f26a06bd5@gmail.com> Date: Wed, 8 Nov 2017 00:02:53 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49.4.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 In-Reply-To: <65c1af14-a224-4c9f-1ca8-eca4ccc71d0f@gmail.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Archives-Salt: 054bb631-3e90-449c-bb6a-67e08f5d0b7f X-Archives-Hash: c1e6597f42f7b8d34718194945a828b3 Dale wrote: > Howdy, > > I ran up on this link.  Is there any truth to it and should any of us > Gentooers be worried about it? > > http://www.theregister.co.uk/2017/11/07/linux_usb_security_bugs/  > > Isn't Linux supposed to be more secure than this?? > > Dale > > :-)  :-)  > To reply to all that posted so far.  I did see that it requires physical access, like a lot of other things.  Once a person has physical access, there are a number of things that can go wrong.  It does seem to be one of those things that while possible, has anyone been able to do it in the real world and even without physical access?  Odds are, no.  Still, all things considered, Linux is pretty secure.  BSD is more secure from what I've read but Linux is better than windoze.  Dale :-)  :-)