
Re: Find something in the street and plug it in.



Quoting tom r lopes (tomrlopes@gmail.com):

> Well, Rick, It was a wireless transmitter and not a dongle.

Luckily, it indeed _was_ what it was claimed to be on the outside of the
plastic case.

The point is, though, that it's something you found on the sidewalk, 
so there was substantial risk, in plugging it into a real computer's 
USB port, because it could have been reprogrammed or otherwise modified
to do literally anything that a USB device may do -- including emulate a
keyboard and 'type' OS commands, invisibly to you.

> But in writing the subject line of the email I was thinking of the
> exploit where you scatter USB flash drives with infected files around,
> say, a corporate parking lot.  Then people pick them up and plug into
> their work computer and open the pdf called "Jen's private photos"

This particular scenario is 90% bullshit.  To see why, work out the
threat model.

Are you saying the file is opened by a PDF viewer?  If so, would that be
a non-sucky PDF viewer program, or would it be Adobe Acrobat Reader aka
Acroread (which isn't part of any Linux distro on account of restrictive
proprietary licensing)?  Acroread defaults to executing any embedded
Javascript in an opened PDF (though this extremely dangerous default can
be easily checkboxed to 'off' in Preference).  AFAIK, none of the many
much-better and actually open source PDF viewer programs for Linux has
that gross security defect.

If the PDF either lacks embedded Javascript _or_ is opened by a
non-sucky PDF viewer program, then no code execution ensues.  Hence, no 
'infection'.

(Moral #1:  Friends don't let friends install and use Acroread, or at least
discourage them from permitting Acroread to be used as a 'helper'
application to handle public files.  Fortunately, Linux users can hurt 
themselves in that fashion only by going rather far out of their way to 
retrofit terrible proprietary software.)

(Moral #2:  By and large, code doesn't run itself.  Be skeptical of
claims of mysterious and unexplained code execution causing system
havoc -- tall tales about which emerge frequently from the IT press
uncritically publishing as alleged news coverage press releases from the
AV industry.)

-- 
You received this message because you are subscribed to the Google Groups "BerkeleyLUG" group.
To unsubscribe from this group and stop receiving emails from it, send an email to berkeleylug+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/berkeleylug/20191008070727.GP6980%40linuxmafia.com.
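The thread's argument turns on a checkable property: whether a PDF carries embedded JavaScript or an auto-run action at all. The scanner below is an added example, not code from the thread or its participants; it flags the PDF name tokens that mark JavaScript or open-triggered actions in a file's visible object dictionaries, with the caveat (noted in the code) that compressed object streams or encryption hide those tokens from a raw scan. The sample PDFs are constructed.

```python
import re
import sys

# Name tokens whose presence in a PDF's object dictionaries marks embedded
# JavaScript (/JavaScript, /JS), an auto-run trigger (/OpenAction, /AA)
# or a request to start an external program (/Launch).
ACTIVE_CONTENT_KEYS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch")

# PDF names may spell characters as #xx hex escapes (e.g. /J#53 for /JS);
# a plain substring search would miss those, so undo the escapes first.
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def _normalise_names(data: bytes) -> bytes:
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1).decode(), 16)]), data)


def find_active_content(pdf_bytes: bytes) -> dict:
    """Map each indicator found to its occurrence count.

    Caveat: object streams (/ObjStm) and encrypted files keep their
    dictionaries compressed or encrypted, so a raw scan cannot see inside
    them; an empty result means "nothing visible", not "nothing present"."""
    data = _normalise_names(pdf_bytes)
    found = {}
    for key in ACTIVE_CONTENT_KEYS:
        # A delimiter must follow the name, so /JS does not match /JSx.
        hits = len(re.findall(re.escape(key) + rb"(?=[\s/<>\[\]()])", data))
        if hits:
            found[key.decode()] = hits
    if b"/ObjStm" in data:
        found["/ObjStm (compressed objects not inspected)"] = data.count(b"/ObjStm")
    return found


def has_embedded_javascript(pdf_bytes: bytes) -> bool:
    found = find_active_content(pdf_bytes)
    return "/JavaScript" in found or "/JS" in found


# Constructed samples (not real-world files): one whose catalog /OpenAction
# points at a JavaScript action object, one with no active content at all.
SAMPLE_WITH_JS = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /S /JavaScript /JS (app.alert('hi')) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""
SAMPLE_CLEAN = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_WITH_JS
    print(find_active_content(data))
```

Run it against a file with `python scan_pdf.py file.pdf`; a hit on /JavaScript or /JS is exactly the case where the viewer's JavaScript setting decides whether anything executes.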