On 13/09/13 09:19, NdK wrote:
> PS: I'll tell you a secret: there are USB keys with a "write protect"
> switch :)

Since people were concerned about hacking the USB key, you need to define the scenario.

First of all, if we are talking about hacking through a rogue firmware update for the USB key: is the write protect switch directly connected to the "Write enable" line of the flash chip or is it done in the firmware? In the latter case, it's useless. In the former case: the flash chip is reasonably intelligent, and "closed source". There could be an exploit to write to it even when the "Write enable" line is not asserted.

If we're talking about hacking the USB key by getting your hands on it and physically altering it, I don't even need to explain. Although if you keep the stick next to your offline PC, the attacker will probably not bother with the stick ;).

So it really depends on your threat model if that switch is useful.

> And attacking your update medium is probably easier than attacking the USB
> key.

I think in my case, the only difference is the added possibility of attacking the package manager. I put a Debian mirror on an external hard disk, connect that to my offline PC and then update the system. I think it would be difficult to remove the package manager from the equation, unless you switch distros :).

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>