On 12/09/13 15:55, Jan wrote: > Do you see any reasonable attack vectors? What do you think?
The moment someone plugs in a mass storage device and we're talking about attacking his computer, I think of a manipulated file system, exploiting an error in the file system driver of the kernel (which runs at a nice privilege level too). I missed that vector in the discussion so far, which focussed on manipulated files. The filesystem is also still there with this USB-via-serial-port thingy. And on the CD. You can avoid a filesystem by just storing a tar archive on the storage. I don't think that's very helpful under Windows, but under Linux, using a block device as tar input/output is easy. Hell, it's what tar was originally made for (tape devices) :). That only helps for the filesystem vector, though. Anybody still using laplink cables? ;) (I once blew up part of a mainboard with a laplink cable. Was on a different phase of the mains electricity than the other PC and not grounded. Gave a nice spark.) HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
