-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 08/06/14 10:24, Robert J. Hansen wrote: > Exactly what I said. USB is completely broken as far as security > goes. A USB device cannot be made secure. Thumb drives are malware > vectors par excellence, and with some of the recent attacks which > work by exploiting the firmware things get even nastier and harder > to defend against. If you're concerned about a remote attacker > exploiting your system from afar, you should also be concerned > about a remote attacker rooting your box and exploiting the hell > out of your USB stack.
It should also be pointed out that if your system is secure, then storing your keyring on your computer is safe anyway; but if your computer has already been compromised, then storing your keyring on a USB stick, which must be mounted on your already-compromised computer to use it, is AT BEST no more secure than storing the keyring on the computer in the first place was. And it may be *worse*, because the compromised computer may use the USB stick as a vector to compromise other computers you have that were previously secure. - -- Phil Stracchino Babylon Communications [email protected] [email protected] Landline: 603.293.8485 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEAREIAAYFAlPicqkACgkQ0DfOju+hMkln5gCg+8zZods2Le69kR85aZ6dWNtZ sXwAoJGG8+UcJzeBnaZqYnfQTAegO2Du =Ql9U -----END PGP SIGNATURE----- _______________________________________________ enigmail-users mailing list [email protected] To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
