> I think perhaps this is a little low-bandwidth for security updates for > your OS. By the way, you could use a USB-to-serial converter and use a > serial cable. The problem with USB is sharing the same USB device > between multiple computers. If you always use the same converter in the > same computer, it's not an infection vector. But this is still very low > bandwidth. Many USB-to-serial converters can go to 0.5 Mbit/s. I think > the max I've seen is 2 Mbit/s. So it's not as low as the ol' 115k2 anymore.
In '07, my research group developed some really low-tech data transfer with admirable characteristics: it was provably one-way data transfer. Get a serial cable and cut it in half. On one end attach a laser; on the other end attach a photoreceptor. Mount the two. You now have a data diode -- a "cable" over which data can only flow in one direction. We had to write custom drivers for it, but it wasn't hard. If memory serves we weren't able to go over about 300 baud. This was by design: our photoreceptor was ***old*** (like 1960s tech) and had a relatively long cycling period after each pulse. The point of using the old photoreceptor was that way we were dead certain there was no exploitable integrated circuit in the photoreceptor... > I haven't read about SD cards being infection vectors Yep, they are. Seen them myself in the malware lab. No further comment available, as I'm bound by NDA-of-doom. But yes, SD cards have been known to be infection vectors. If you think about it for a while I'm pretty sure you'll figure out how, but I unfortunately cannot connect the dots for you. > I do know about subverting SATA harddisks, but haven't heard about it > actually being used, unlike USB. SATA sounds reasonable as well. Yep! Been done. SATA firmware has been exploited via the JTAG interface, new firmware loaded onto it, and been used as a vector. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users