R0b0t1 wrote: > On Wed, Nov 8, 2017 at 12:10 AM, R0b0t1 <r03...@gmail.com> wrote: >> On Wed, Nov 8, 2017 at 12:02 AM, Dale <rdalek1...@gmail.com> wrote: >>> Dale wrote: >>>> Howdy, >>>> >>>> I ran up on this link. Is there any truth to it and should any of us >>>> Gentooers be worried about it? >>>> >>>> http://www.theregister.co.uk/2017/11/07/linux_usb_security_bugs/ >>>> >>>> Isn't Linux supposed to be more secure than this?? >>>> >>>> Dale >>>> >>>> :-) :-) >>>> >>> >>> To reply to all that posted so far. I did see that it requires physical >>> access, like a lot of other things. Once a person has physical access, >>> there are a number of things that can go wrong. >>> >>> It does seem to be one of those things that while possible, has anyone >>> been able to do it in the real world and even without physical access? >>> Odds are, no. >>> >> The most widely publicized example is STUXNET. There are also reports >> that malicious USB keys with driver-level exploits are sometimes used >> for industrial espionage. >> >> The key point being that in either case, someone is spending a lot of >> money to research and set up a plausible attack. >> >>> Still, all things considered, Linux is pretty secure. BSD is more >>> secure from what I've read but Linux is better than windoze. >>> >>> Dale >>> >>> :-) :-) >>> > I suppose I should add that once the basic work has been done for an > exploit like this it will have great reproducibility. But at that > level you are (usually) talking about very well funded actors, and one > should also be worried about controller-level exploits that would be > much harder to discover from an operating system. > > If you can't surround your computer with trustworthy armed guards, > assume you suffer from a serious vulnerability based on the > preliminary work the article is talking about. > > Rainbows and Sunshine, > R0b0t1 > >
I've considered encrypting my stuff. I'm talking locked down from power up all the way through. Those who have been on this list a while and know me, they know that would be a disaster. If anything could go wrong with it, it would. While I try to be secure, I'm not going nuts over it. I do lock my screen if I leave and sometimes even logout but I don't put hand grenades and other booby traps around it. Heck, if I did, I'd likely trip up and hurt myself. Ooops!! I guess I'll just kept my top secret stuff in my head. ;-) Dale :-) :-)