[Cryptography] You can't trust any of your hardware
Bear
bear at sonic.net
Mon Aug 4 13:19:23 EDT 2014
On Sun, 2014-08-03 at 22:28 -0400, Jerry Leichter wrote:
> USB memory
> sticks are extremely cheap and produced in the hundreds of millions.
> No one thinks of them as active devices. And yet ... they are. They
> contain significant processing power running non-trivial code - and
> that code can be replaced.
This will not get fixed until some virus or other using it to steal
something important becomes widespread.
That's what I really hate about the situation; in order for it to
be worth anyone's time to fix it, someone first has to use it to
perpetrate a major ripoff. Which means, if the black hats don't
pick it up and run with it and use it to actually hurt people,
nobody ever gets a secure machine.
Meanwhile, can anybody come up with the firmware for an update-
blocking USB hub? I have a feeling that when somebody finally
gets around to wanting one, they'll want it yesterday.
Bear
More information about the cryptography
mailing list