On 15/08/2019 21:57, Rebecca N. Palmer wrote:
Paul Wise wrote:
Based on the serial number deletion, I'd speculate that some internal
part of the flash holding details about the device identity
malfunctioned, so the firmware reverted back to the default hardcoded
product id for Alcor flash
The key question about it is how the archive keys are handled. I believe
that keeping such a key offline would be a whole lot of work. It would
perhaps also help to have it on a gpg-Smartcard.
Am 23.08.19 um 09:10 schrieb Rebecca N. Palmer:
On 17/08/2019 12:18, Elmar Stellnberger wrote:
to
On 17/08/2019 12:18, Elmar Stellnberger wrote:
to be safe the key
handling policy needs to be offline enforced
There have been various attempts to encourage / simplify the use of
offline keys, but it isn't currently required in Debian, and some of
them only suggest keeping the master key
Read only switches are a security feature because you can read the
content without the fear that it may be altered.[...] The read-only
switch makes it as safe as a read only burnt dvd.
The physical read-only switch on SD cards isn't: it's enforced at
software level, not hardware level.
I have now done the check from a boot DVD: clean, but as already noted,
there are places it doesn't check.
On 16/08/2019 20:14, Elmar Stellnberger wrote:
Concerning your program I
have seen that it uses /var/lib/dpkg/info/$2.md5sums. This is inherently
unsafe because an attacker can simply
Another potential home for this script is tiger, which also currently
has an MD5-only checker:
https://sources.debian.org/src/tiger/1:3.2.4%7Erc1-1/systems/Linux/2/deb_checkmd5sums/
It may be more probable that they simply infect a hidden file in your
home directory[...]
I would
Am 15.08.19 um 22:57 schrieb Rebecca N. Palmer:
That would suggest it's not them, as the obvious reason to target me
is to trick me into uploading malware.
If that is the case you would have to take hellish care. I have read
articles of the compiler as attack vector, i.e. an altered
unsubscribe
> On 16 Aug 2019, at 19:16, Elmar Stellnberger wrote:
>
>
>>
I have only seen intelligence visiting my home when I left an offline
computer around with HDD.
>>>
>>> If you feel safe answering: what country was this in? Your name and time
>>> zone suggest
I have only seen intelligence visiting my home when I left an
offline computer around with HDD.
If you feel safe answering: what country was this in? Your name and
time zone suggest Germany/Austria/Switzerland, which I wouldn't have
thought of as the kind of places that do this.
With
I have only seen intelligence visiting my home when I left an offline
computer around with HDD.
If you feel safe answering: what country was this in? Your name and
time zone suggest Germany/Austria/Switzerland, which I wouldn't have
thought of as the kind of places that do this.
*Benjamin Franklin* once said: "Those who would *give up* essential
Liberty, to purchase a little temporary Safety, deserve neither Liberty
nor Safety."
I suspect statesman of many nations have made similar declarators.
Why is privacy almost complete gone (IMHO) ...
1. The strange need to post
On 15/08/19 22:57, Rebecca N. Palmer wrote:
I have only seen intelligence visiting my home when I left an offline
computer around with HDD.
If you feel safe answering: what country was this in? Your name and
time zone suggest Germany/Austria/Switzerland, which I wouldn't have
thought of as
Paul Wise wrote:
but at least some USB flash drives instead use an SCSI command [1],
which usbguard won't catch.
This seems like a significant missing feature, but I guess it would
require a fair bit of Linux kernel work to support filtering such
commands.
If the attacker has root (which
Dear Rebecca
Am 13.08.19 um 09:14 schrieb Rebecca N. Palmer:
(b), physical access attack, would require an attacker breaking into
my home. (It has been several years since I last took the affected
flash drive anywhere else or plugged it into any other computer.) If
they're willing to do
On Tue, Aug 13, 2019 at 3:30 PM Rebecca N. Palmer wrote:
> but at least some USB flash drives instead use an SCSI command [1],
> which usbguard won't catch.
This seems like a significant missing feature, but I guess it would
require a fair bit of Linux kernel work to support filtering such
(Warning: this is being sent from the affected computer, so don't trust
"me". BCCd recipients: anyone can post to the debian-security list, but
be aware that its public archive does not spam-protect email addresses)
I use usbguard [0], set to allow only the specific USB devices I have.
One
16 matches
Mail list logo