The USB stick line of attack has happened, but usually involves ordinary files attacking Windows machines via autorun. USB firmware attacks to exist but are rarely used. There is no way to reduce any risk in life to zero. Snowden was attacking the NSA itself, so yes he needed new USB sticks and needed them sourced randomly with cash.
There is in fact the countevailing argument that every new USB device is a threat, especially with the ever-growing firmware in modern machines. Nothing in life is ever guaranteed. Hell, you could be hit by a car while carrying that flash drive. Security in the real world means stopping most attacks, not thinking you are invincible. There's always a bigger fish in the sea, On 6/21/2016 at 1:16 PM, "Set Hallstrom" <s...@ubuntustudio.org> wrote: > >> On 2016-06-21 17:28, Ralf Mardorf wrote: >>> On Tue, 21 Jun 2016 16:18:23 +0200, Set Sakrecoer wrote: >> >>> i'm hesitant about endorsing stuff that is out of our scope. >Let me >>> think about it :) >> >> Recommending another distro for a special purpose should only be >done, >> if somebody at least does use it regularly and knows more about >this >> distro. > >If feel like this too. > >> >> However, I wouldn't either mention Windows 10, nor claim too >much that >> Ubuntu is far away from being "not financed by selling your >personal >> information to advertisers". The wording "personal information" >is an >> elastic term. Ubuntu is not beyond dispute. Unlikely that Ubuntu >sells >> data, but data is part of a business model that Ubuntu not >completely >> rejects. >> The sentence "Because it is open, cares for freedom and strives >for >> transparency, it's true that Ubuntu Studio offers better control >over >> your privacy than proprietary operating systems usually do" is >> absolutely beyond dispute. Why mentioning advertisings at all? >> > >You are probably right. > >> You misunderstand my concern. You can't connect an USB stick, >that was >> connected to a computer with Internet access, to the safe >computer. You >> need always a brand new USB stick. There is no secure way to >share >> data between those two computers. The only option is to carry >over data >> from the safe computer, to the Internet computer. An USB stick >that >> once was connected with any insecure machine cannot used again. >An >> analogy: It's like buying a new car, as soon as the fuel tank is >> empty, instead of filling up the car's fuel tank. > >I sure did misunderstand you.. sorry. I sure hope someone engaging >in a >mission with that level of threat isn't relying on ubuntu studio. > >So i'd put it this way: > >> Because Ubuntu Studio is open, cares for freedom and strives for >> transparency, it's true that Ubuntu Studio offers >> better control over your privacy than proprietary operating >systems >> usually do. Ubuntu Studio does not include software for >encryption >> and/or anonymity, but you can and are free to install such tools. >> However, even when you use tools known to grant the strongest >> available privacy, there are still pitfalls. >> >> As soon as a computer is connected to the Internet, user errors >and >> misunderstandings, can render even the strongest protections >useless: >> Third parties not necessarily need to do something manipulative; >a >> user's lack of knowledge can easily make sensitive information >> public, usage-patterns can easily make the origin of sensitive >> information identifiable and once such data is stored on the >> Internet, there's no way to control it. >> >> Journalists, activists or anybody else working with sensitive >> information should consider never connecting computers containing >>> such information to the Internet. Engaging in media production >that >>> implies a high-level of threat is a very serious step that goes >>> beyond the scope and purpose of Ubuntu Studio. To learn more >about >>> how to transfer sensitive information via Internet securely, >you can >>> start here: https://freedom.press/digital-security > >I trust the freedom of the press foundation because Edward Snowden >is >part of the board. > >-- >Set Hallstrom aka sakrecoer -- ubuntu-studio-devel mailing list ubuntu-studio-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-studio-devel
