Hi, On 14/05/2013 6:01 PM, Russell Coker wrote:
On Tue, 14 May 2013, Andrew McGlashan <andrew.mcglashan@affinityvision.com.au> wrote:
can limit speeds if you need to. USB sticks cost virtually nothing these days and a couple of dollars postage isn't much to help someone out.
Are you volunteering to do this? If so then I can try and collect some USB sticks via the LUV hardware library for your use.
I haven't done this recently, but most people have adequate access to Internet somewhere that they don't need it. I did send out lots of CDs and DVDs from MLUG requests way back. If someone needs it and no offers come up, then I'm happy to give away the odd USB stick with ISO's on it.
An open access point with Linux ISO files wouldn't interest me, unless I knew exactly who was running it and that it was trustworthy; but it's not so bad if you verify the ISO files properly first.
When the ISO files come with SHA signatures that are GPG signed (as Debian install images do) then there are no issues with an open access point that you don't have with any other form of Internet access.
Yes, I can see the benefit, but benefits sometimes also come with risks.
If there aren't signed hashes of the data then no form of Internet access will save you. There have been many occasions in the past when FTP and web servers have been compromised and upstream source archives etc have been altered.
It's been too easy, even with Linux [1] (_might_ be okay now, depends on your distro and setup) to cause havoc with a rogue USB stick or similar as well.
How would someone do that? Linux doesn't have a run a program automatically when device is mounted "feature" unlike Windows.
Sure is possible, I did watch a video about it, but the video wasn't recent. The idea is that there are so many possible hook points, the one that turned out to be most vulnerable was the process that generated thumbnail images when you popped a USB stick in -- you need to have previews or thumbnail views enabled with a GUI, but that is happening more and more these days no matter what OS you run. It is not a fictional story, and it's not one of those "why Linux sucks / why Linux does not suck" type videos either. This was from youtube: Uploaded on 3 Feb 2011 Speaker: Jon Larimer Many people think that Linux is immune to the type of Autorun attacks that have plagued Windows systems with malware over the years. However, there have been many advances in the usability of Linux as a desktop OS - including the addition of features that can allow Autorun attacks. In this presentation, I'll explain how attackers can abuse these features to gain access to a live system by using a USB flash drive. I'll also show how USB as an exploitation platform can allow for easy bypass of protection mechanisms like ASLR and how these attacks can provide a level of access that other physical attack methods do not. The talk will conclude with steps that Linux vendors and end-users can take to protect systems from this threat to head off a wave of Linux Autorun malware. For more information visit: http://bit.ly/shmoocon2011_information To download the video visit: http://bit.ly/shmoocon2011_videos And here's the actual video from Shmoocon website: http://www.shmoocon.org/2011/videosNEW/Larimer-USBAutorun.m4v Cheers A.