On Friday 17 October 2014 05:42:50 Peter Stuge did opine
Post by Peter Stuge
Post by Gene Heskett
I think the point they were trying to make is that the device
packager, who may not be the chip vendor, can put, if there is room
in its flashrom, a short commend that would, on plugging it in,
cause the machine to silently go out on the net and become part of a
spam bot, or install a keylogger
Please spend a bit of time studying that 1.1 spec you have, or
Interesting read, I will learn much I think, thank you.
But I haven't finished it yet. Using okular to red what appears to be the
main pdf (650 pages), it died and showed only blank but framed pages at
about 150 pages into it. So I went into its menu's and set it for
aggressive memory use since I have 8Gb, and this 3.16.0 kernel is a 32 bit
PAE enabled build. That enabled it to display about 125 more pages, then
went back to blank pages.
Deciding to quit it and try acroread, it took down every bash shell on the
machine when I quit it!
So I rebooted, but they were not restored on the reboot, so I had to
restart all of my normally used shells by hand. That takes about 20
minutes because update-manager needed a run on all 3 machines that are
live on my local network on a 24/7 basis. jre/icetea & tzdata related
stuff this time.
Post by Peter Stuge
Spend most of your time with chapters 5, 8 and 9.
Then spend time studying the EHCI spec. It teaches how the host
controller is programmed by the operating system.
It should become clear that what you describe just isn't possible.
Not everything that is published (on internet or elsewhere) is
Post by Gene Heskett Post by Greg KH
What needs to be "fixed"?
The procedure to update that firmware.
if when it is plugged in, it goes out and installs a keylogger, now
that is harming the user
"goes out" is not an established term in USB. I'm afraid you're not
making any sense.
I have bought keys that came with an autoexec.bat that looked like it was
going to install a keylogger already installed. So the threat, at least
to an M$ box, is there. But thats not how this exploit was described.
Maybe this is only a potential problem on an M$ box? At the least, it
needs a YMMV warning.
Thanks for the link Peter, it was appreciated. Now of course, its up to
me to understand it since I have reached that age where short term memory
is not always infallible, 80, so I have the missus make grocery lists on
dead tree sheets. :)
Cheers, Gene Heskett
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
US V Castleman, SCOTUS, Mar 2014 is grounds for Impeaching SCOTUS
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to firstname.lastname@example.org
More majordomo info at http://vger.kernel.org/majordomo-info.html