W dniu 2016-05-14 o 01:47, Tony Harminc pisze:
On 13 May 2016 at 19:19, R.S. <[email protected]> wrote:
It's absurd. Completely ridiculous.
Pendrive from IBM is not likely to have a virus.
True. But it's related to the argument that airline pilots should not
be security screened at airports. Of course it's not about screening
pilots, but rather those who *look like* pilots.
If you buy in quantity, I'm sure these people will put a logo of your
choice on your "pen drive":
http://hakshop.myshopify.com/products/usb-rubber-ducky-deluxe
Or probably the clip is a standard size, and an IBM one can easily be
substituted for the duck one.
The relationship to the pilots case is simply wrong.
Yes, there are USB with a virus, there are also "hardware infected"
pendrives.
So?
Simple security sealing resolve the problem of media genuity. As with
the tapes.
Remember, the tape could contain malicious code also! Rhetorical: Do you
security-check your installation tapes? What about IBM-delivered DVDs???
When talking about infected code on USB stick (including USB stick HW)
we should consider the following cases:
1. Modified/infected z/OS code. In this case it doesn't matter what
media is used. The same risk is for tape or DVD. Indirect Internet
download is also somehow affected.
2. The malicious code is intended to infect the workstation. The methods
for attack are well known:
2.1 autorun.inf - should be disabled as a general rule.
2.2. virus.exe or boobs.exe - phising.
2.3. HW code. More complex.
Fortunately methods 2.1 and 2.2 cannot infect HMC. The last one is very
unlikely.
Last but not least: such attack would have to be dedicated to given
company. With very doubtful effect in case of succesful infection. It
would be extremely hard time consuming and expensive. It is much cheaper
to bribe or blackmail some insider.
BTW: It remains me Tylenol affair from early eighties.
--
Radoslaw Skorupka
Lodz, Poland
--
Treść tej wiadomości może zawierać informacje prawnie chronione Banku
przeznaczone wyłącznie do użytku służbowego adresata. Odbiorcą może być jedynie
jej adresat z wyłączeniem dostępu osób trzecich. Jeżeli nie jesteś adresatem
niniejszej wiadomości lub pracownikiem upoważnionym do jej przekazania
adresatowi, informujemy, że jej rozpowszechnianie, kopiowanie, rozprowadzanie
lub inne działanie o podobnym charakterze jest prawnie zabronione i może być
karalne. Jeżeli otrzymałeś tę wiadomość omyłkowo, prosimy niezwłocznie
zawiadomić nadawcę wysyłając odpowiedź oraz trwale usunąć tę wiadomość
włączając w to wszelkie jej kopie wydrukowane lub zapisane na dysku.
This e-mail may contain legally privileged information of the Bank and is
intended solely for business use of the addressee. This e-mail may only be
received by the addressee and may not be disclosed to any third parties. If you
are not the intended addressee of this e-mail or the employee authorized to
forward it to the addressee, be advised that any dissemination, copying,
distribution or any other similar activity is legally prohibited and may be
punishable. If you received this e-mail by mistake please advise the sender
immediately by using the reply facility in your e-mail software and delete
permanently this e-mail including any copies of it either printed or saved to
hard drive.
mBank S.A. z siedzibą w Warszawie, ul. Senatorska 18, 00-950 Warszawa,
www.mBank.pl, e-mail: [email protected]
Sąd Rejonowy dla m. st. Warszawy XII Wydział Gospodarczy Krajowego Rejestru
Sądowego, nr rejestru przedsiębiorców KRS 0000025237, NIP: 526-021-50-88.
Według stanu na dzień 01.01.2016 r. kapitał zakładowy mBanku S.A. (w całości
wpłacony) wynosi 168.955.696 złotych.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
