Fwd: Re: arbitrary code execution on unformatted usb stick

To: debian-security@lists.debian.org
Subject: Fwd: Re: arbitrary code execution on unformatted usb stick
From: estellnb@elstel.org
Date: Sat, 02 May 2020 20:42:02 +0200
Message-id: <[🔎] 95a134a3b9dc714cbe05d7725f515d01@elstel.org>
In-reply-to: <14a37d65e1918ae0c2473b2c78eae567@elstel.org>
References: <b2489138-53ee-e747-31cc-cdce48339dbe@zoho.com> <2e13d71d-f29b-3cb2-4147-5fcf9c8c6a3e@gmail.com> <2a3b7e9a-d483-e4c8-8761-6803b6faf011@gmail.com> <CAKTje6ExBrtZoW+J-pdDW2+r3EJV0dVjVyakTSNfz2WUs+EOVw@mail.gmail.com> <CAKTje6HY-+tAeDkcSZyHdBKKWk1AiSaVr2jQuFhobuiTgtuCxA@mail.gmail.com> <4d768eaf-4b60-c060-3e68-7bfcbaa334aa@elstel.org> <a96c3b9cbc6df435b6a1c6bc1e20eb2c21f8f524.camel@debian.org> <1f279581-fd7b-b054-013c-d0a527db59e0@elstel.org> <c0c4f2eb10e435f81f3ba8f1cd5e7c1fe9391500.camel@debian.org> <e5906e91-201e-6b91-5fad-b60b4ce33180@elstel.org> <b74b1527-d500-6939-2a36-5361deeb5973@vheuser.com> <CAKTje6GB+i5GNqhVq3+xzx17e5Dpp=RcwwSuMeY9o954XG+ioA@mail.gmail.com> <87wo6imspv.fsf@miraculix.mork.no> <a68889c2-03da-6791-c2b3-840c1c8b53e0@elstel.org> <[🔎] d7a90d7e-ef01-d165-245d-afe769a98b1e@elstel.org> <[🔎] 816d3faf-59c9-a8f2-45d0-d5c5e0ad30bc@elstel.org> <fb11abc3-371a-8cf2-39ee-51703f12d63a@vheuser.com> <a4f7c6d7649db7e78e7ebf7e38d8d175@elstel.org> <1ffab50d-d53a-5d2e-7d85-a3c2ee7d57b6@vheuser.com> <14a37d65e1918ae0c2473b2c78eae567@elstel.org>

I am forwarding you this email in the hope that it will be useful:

(They simply could not have known what reason I was installing mininetfor and that I would try to install it at all if they would not haveobserved what I was doing even if they would have supposed that I wannacontinue on a̅tea. Besides this kind of live-blocking every step thatwould be useful to achieve my goal is noteable on a computer that Ibelieved to be totally clean in the time before. That was how thingsstarted to uncover.)


-------- Originalnachricht --------
Betreff: Re: arbitrary code execution on unformatted usb stick
Datum: 02.05.2020 18:22
Von: estellnb@elstel.org
An: vince@vheuser.com

Dear Vince

I in deed mean that they have an internet connection channel for thisoffline computer. The computer does not have Wifi nor a LAN cable. Whatthey were doing can not be explained by other means. I wonder how theytransfer the data between the internet and that computer that should beseparated physically from the internet. What I have observed can not beexplained by malware unleashed at the time I have last plugged an USBstick.


Elmar

Am 02.05.2020 18:16, schrieb vince@vheuser.com:

Yes, I know the article and the long history building up that
capacity.  You may recall I backed you up on the DANE support
discussion.  What you are developing is a reliable secure software
system.

The problem of compromised hardware is a different problem. Intel
builds back door circuits for NSA into their chips So I don't think
you'll build a laptop from them that NSA can't compromise.

Unless you are engaging in international espionage or blowing the
whistle on them like Eric Snowden, I don't think they will compromise
their systems on low value targets.  In that case, it doesn't make
much difference that they can get in, does it?

On the other hand, a working DANE system can be used to keep our
conversation between us against most others except NSA and that alone
is worth something.  Isn't it?  Debian Security list members can't do
must about compromised hardware except be aware of it....

Reply to:

References:
- Re: arbitrary code execution on unformatted usb stick
  - From: Elmar Stellnberger <estellnb@elstel.org>
- Re: arbitrary code execution on unformatted usb stick
  - From: Elmar Stellnberger <estellnb@elstel.org>

Prev by Date: Re: Scripts that run insecurely-downloaded code
Next by Date: Re: Scripts that run insecurely-downloaded code
Previous by thread: Re: arbitrary code execution on unformatted usb stick
Next by thread: Fwd: Re: AW:webhosting mit DANE
Index(es):
- Date
- Thread