Re: Find something in the street and plug it in.
- To: berkeleylug@googlegroups.com
- Subject: Re: Find something in the street and plug it in.
- From: Rick Moen <rick@linuxmafia.com>
- Date: Tue, 8 Oct 2019 00:07:27 -0700
Quoting tom r lopes (tomrlopes@gmail.com):

> Well, Rick, It was a wireless transmitter and not a dongle.

Luckily, it indeed _was_ what it was claimed to be on the outside of the
plastic case.

The point is, though, that it's something you found on the sidewalk,
so there was substantial risk, in plugging it into a real computer's
USB port, because it could have been reprogrammed or otherwise modified
to do literally anything that a USB device may do -- including emulate a
keyboard and 'type' OS commands, invisibly to you.

> But in writing the subject line of the email I was thinking of the
> exploit where you scatter USB flash drives with infected files around,
> say, a corporate parking lot. Then people pick them up and plug into
> their work computer and open the pdf called "Jen's private photos"

This particular scenario is 90% bullshit. To see why, work out the
threat model.

Are you saying the file is opened by a PDF viewer? If so, would that be
a non-sucky PDF viewer program, or would it be Adobe Acrobat Reader aka
Acroread (which isn't part of any Linux distro on account of restrictive
proprietary licensing)? Acroread defaults to executing any embedded
Javascript in an opened PDF (though this extremely dangerous default can
be easily checkboxed to 'off' in Preference). AFAIK, none of the many
much-better and actually open source PDF viewer programs for Linux has
that gross security defect.

If the PDF either lacks embedded Javascript _or_ is opened by a
non-sucky PDF viewer program, then no code execution ensues. Hence, no
'infection'.

(Moral #1: Friends don't let friends install and use Acroread, or at least
discourage them from permitting Acroread to be used as a 'helper'
application to handle public files. Fortunately, Linux users can hurt
themselves in that fashion only by going rather far out of their way to
retrofit terrible proprietary software.)

(Moral #2: By and large, code doesn't run itself. Be skeptical of
claims of mysterious and unexplained code execution causing system
havoc -- tall tales about which emerge frequently from the IT press
uncritically publishing as alleged news coverage press releases from the
AV industry.)
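
The message above turns on whether a found PDF carries embedded Javascript at all. The following is an added example, not part of the original post: a small triage scan that answers the document half of that question before the file goes near any viewer. The name set, function names and sample byte strings are assumptions constructed for illustration.

```python
import re
import zlib

# Name tokens that mark script or auto-run actions in a PDF (assumed triage set).
ACTIVE_NAMES = ("JavaScript", "JS", "OpenAction", "AA", "Launch")
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r /()<>\[\]{}%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)

def scan_pdf(data: bytes) -> dict:
    """Count active-content names in the raw file and in Flate-compressed streams."""
    bodies = [data]
    for m in STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates a clipped trailer; non-Flate data raises.
            bodies.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass
    counts = dict.fromkeys(ACTIVE_NAMES, 0)
    for body in bodies:
        for m in NAME_RE.finditer(body):
            # PDF allows #xx hex escapes inside names, e.g. /J#61vaScript.
            name = HEX_RE.sub(lambda h: bytes([int(h.group(1), 16)]), m.group(1))
            key = name.decode("latin-1")
            if key in counts:
                counts[key] += 1
    return counts

def has_javascript(data: bytes) -> bool:
    """True if any /JavaScript or /JS name was found, plain or compressed."""
    counts = scan_pdf(data)
    return counts["JavaScript"] > 0 or counts["JS"] > 0

# Constructed samples, not real documents.
PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
SCRIPTED = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
            b"3 0 obj\n<< /S /J#61vaScript /JS (placeholder) >>\nendobj\n%%EOF\n")
HIDDEN = (b"%PDF-1.5\n5 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
          + zlib.compress(b"<< /S /JavaScript /JS (placeholder) >>")
          + b"\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for label, sample in (("plain", PLAIN), ("scripted", SCRIPTED), ("hidden", HIDDEN)):
        print(label, has_javascript(sample), scan_pdf(sample))
```

A zero count is only as good as the scan: encrypted files and streams using filters other than Flate are not decoded here, and a chance byte sequence in binary data can produce a false hit.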