From: R0b0t1 <r030t1@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Linux USB security holes.
Date: Wed, 8 Nov 2017 00:48:22 -0600 [thread overview]
Message-ID: <CAAD4mYjwv8QgrSwaFoCYRZ2dYQgjSMuKBM0=b0kRUzo4NZ=6mQ@mail.gmail.com> (raw)
In-Reply-To: <CAAD4mYjDGCUHn-ot65oqAtmmhZfhwZCfdsuZ8sZmZu3=9JrgjA@mail.gmail.com>
On Wed, Nov 8, 2017 at 12:10 AM, R0b0t1 <r030t1@gmail.com> wrote:
> On Wed, Nov 8, 2017 at 12:02 AM, Dale <rdalek1967@gmail.com> wrote:
>> Dale wrote:
>>> Howdy,
>>>
>>> I ran up on this link. Is there any truth to it and should any of us
>>> Gentooers be worried about it?
>>>
>>> http://www.theregister.co.uk/2017/11/07/linux_usb_security_bugs/
>>>
>>> Isn't Linux supposed to be more secure than this??
>>>
>>> Dale
>>>
>>> :-) :-)
>>>
>>
>>
>> To reply to all that posted so far. I did see that it requires physical
>> access, like a lot of other things. Once a person has physical access,
>> there are a number of things that can go wrong.
>>
>> It does seem to be one of those things that while possible, has anyone
>> been able to do it in the real world and even without physical access?
>> Odds are, no.
>>
>
> The most widely publicized example is STUXNET. There are also reports
> that malicious USB keys with driver-level exploits are sometimes used
> for industrial espionage.
>
> The key point being that in either case, someone is spending a lot of
> money to research and set up a plausible attack.
>
>> Still, all things considered, Linux is pretty secure. BSD is more
>> secure from what I've read but Linux is better than windoze.
>>
>> Dale
>>
>> :-) :-)
>>
I suppose I should add that once the basic work has been done for an
exploit like this it will have great reproducibility. But at that
level you are (usually) talking about very well funded actors, and one
should also be worried about controller-level exploits that would be
much harder to discover from an operating system.
If you can't surround your computer with trustworthy armed guards,
assume you suffer from a serious vulnerability based on the
preliminary work the article is talking about.
Rainbows and Sunshine,
R0b0t1
next prev parent reply other threads:[~2017-11-08 6:48 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-08 5:08 [gentoo-user] Linux USB security holes Dale
2017-11-08 5:48 ` Adam Carter
2017-11-08 5:49 ` R0b0t1
2017-11-08 15:40 ` [gentoo-user] " Grant Edwards
2017-11-08 5:53 ` [gentoo-user] " J. Roeleveld
2017-11-08 19:35 ` [gentoo-user] " Ian Zimmerman
2017-11-09 6:10 ` J. Roeleveld
2017-11-08 6:02 ` [gentoo-user] " Dale
2017-11-08 6:10 ` R0b0t1
2017-11-08 6:48 ` R0b0t1 [this message]
2017-11-08 7:24 ` Dale
2017-11-09 14:07 ` Taiidan
2017-11-08 15:23 ` Martin DiViaio
2017-11-08 21:02 ` Alan McKinnon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAAD4mYjwv8QgrSwaFoCYRZ2dYQgjSMuKBM0=b0kRUzo4NZ=6mQ@mail.gmail.com' \
--to=r030t1@gmail.com \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox