I read somewhere that there are usb's with physical write-lock switches on them so even if you plugged it into an infected computer as long as the usb was locked it couldnt bypass it. I dont know what the specific feature is called and havent seen it on any usb's lately.
-------- Original Message -------- From: Baffo32 <[email protected]> Apparently from: [email protected] To: User support for Tails <[email protected]> Subject: Re: [Tails-support] usb firmware malware,how to check for this and what can it do on tails? Date: Wed, 27 Aug 2014 12:54:55 -0400 > Hi, > > It is so great to see discussions like this. > > Unfortunately the tails bootloader signature changes every install, and the > upgrade process is a little not consistent between upgrade paths, so > cryptographic verification can be more complex than it needs to be. > > What do you think of some kind of usb sniffing to help deal with such an > issue? > > On Aug 27, 2014 7:31 AM, "mercedes508" <[email protected]> wrote: > > > > Hi, > > > > > I was wondering how to tell if your usb's firmware has been modified > > > by malicious malware/trojans and what effect would this have on > > > tails? Could the malware phone home bypassing Tor without necessarily > > > having to be made for tails? And if this malware was designed to > > > infect tails, how could one integrity check tails system files to > > > make sure nothing critical was modified? > > > > Actually it is hard to tell anything about such complex and generally > > kept-secret possibilities. > > > > But unfortunately, you can do a cryptographic verification once it's > > installed. > > > > Cheers. > > _______________________________________________ > > tails-support mailing list > > [email protected] > > https://mailman.boum.org/listinfo/tails-support > > To unsubscribe from this list, send an empty email to > > [email protected]. > > _______________________________________________ tails-support mailing list [email protected] https://mailman.boum.org/listinfo/tails-support To unsubscribe from this list, send an empty email to [email protected].
