Yes! Even in research studies testing whether people will use such sticks by instrumenting them with malware. The studies showed that people actually do.
On Thu, Jan 2, 2014 at 7:14 PM, Greene, Mr <[email protected]> wrote: > One piece of advice, carrying on from the previously suggested "purchase > randomly chosen stick from a randomly chosen store", never use a stick > given to you as a gift or promo. It's not unknown for trade show giveaways > to contain malware (either accidentally when the trade show vendor was > copying their sales brochures to the stick, or something more sinister). > > Andy > > > - Sent from my email machine > > -----Original Message----- > From: "nb.linux" <[email protected]> > Sender: [email protected] > Date: Thu, 02 Jan 2014 23:33:27 > To: <[email protected]> > Reply-To: User support for Tails <[email protected]> > Subject: Re: [Tails-support] usb flash drive > > Thomas Benjamin: > > Sorry! > > > > I don't know enough about USB thumb drives to answer those questions. > > Perhaps someone else on this list can? > > > > Thumb drives with user flashable firmware are rare, however one should > > still always be suspicious of any drive ordered through the mail. It is > > better to go to a randomly chosen store and buy a randomly selected thumb > > drive. > > > > > > On Thu, Jan 2, 2014 at 5:01 PM, heath bunting < > [email protected]>wrote: > > > >> On Thu, 2 Jan 2014, Thomas Benjamin wrote: > >> > >> Yes. They contain firmware that can potentially be flashed by the user > >>> and / or an adversary depending on the model. > >>> Be aware, of course, that even if you get a model that cannot be > flashed > >>> by a user, if you get it by mail the adversary can still modify or > replace > >>> the > >>> firmware before it before it gets to you. We know that the NSA does > this. > >>> > >> > >> so would you recomend a usb flash drive that allows the user to flash > the > >> firmware ? > >> > >> if so, what open firmware should be flashed upon it ? > >> > >> and which models of usb flash drive can you suggest ? > > An example: > I just opened the case of a USB thumb drive (give-away from my bank.. ha > ha) that has an IC from ALCOR MICRO, CORP. [1] on it, but I cannot yet > read the exact IC name. > On the website are various ICs (*) that "Support firmware upgrade > mechanism (ISP, In-System Programming)". > So apparently, there are upgrade mechanisms, but I don't know whether > they are usable via USB or just via the electrical interface etc. > > [1] http://www.alcormicro.com/en_content/index_en.php > > (*) also for SD Cards; reminds me to 30c3 talk... > > Cheers! > > > _______________________________________________ > Tails-support mailing list > [email protected] > https://mailman.boum.org/listinfo/tails-support > _______________________________________________ > Tails-support mailing list > [email protected] > https://mailman.boum.org/listinfo/tails-support > -- Sincerely Yours, Thomas S. Benjamin
_______________________________________________ Tails-support mailing list [email protected] https://mailman.boum.org/listinfo/tails-support
