Security risks of removable media (was: Offline Search?)

Ben Scott dragonhawk at gmail.com
Fri Jun 6 00:27:25 EDT 2008


On Thu, Jun 5, 2008 at 4:52 PM, Thomas Charron <twaffle at gmail.com> wrote:
>>>>>  I don't believe he's talking about toting the app itself around,
>>>>> just the data files.
>>>>
>>>>  Well, if we assume the computer is offline (which we've been asked
>>>> to do)... and the software isn't on the drive... what good is having
>>>> the search engine data going to do?  :)
>>>
>>>  Umm, I don't see that requirement anywhere in the thread.  Did I
>>> miss something?
>>
>>  Well, the subject line, and the first sentence of the original post,
>> both mention "offline search".
>
>  Google Desktop isn't an online service.

  Um... so what?  That doesn't explain what good it would do to have
Google Desktop index data without Google Desktop software.

>>> They put themselves at even greater risk just USING the compromised
>>> PC.
>>
>>  Because I'm a software engineer.

  Again, so what?

  The point I was and am trying to establish is that carrying software
around on a removable medium puts one at significant security risk.
You're exposing any data on the medium when it is mounted on the
untrustworthy host.  It might be copied or modified by malware.
You're exposing any software on the medium.  It might be "infected" by
malware.  Any hosts you mount the medium on in the future are then
exposed to that malware.

  Yes, malware compromise can happen via other vectors, too.  That
doesn't mean the removable medium is a good idea.

  Yes, using untrustworthy hosts is dangerous.  But using
untrustworthy hosts is part of carrying software around on a removable
medium and using it on whatever computer is handy.  If the host was
under control, why wouldn't it already have the software you use on
it?  And if the host is not under control, it is presumably untrusted.

  Did you have any actual response to this, or did you just want to
dance around it?  :)

  I'm starting to feel like I'm talking to ELIZA -- that you're
sending phrases that only sound like they have something to do with the
conversation, but are really just context-free text extraction.  Are
you sure you're not just an AI program gone awry?   ;-)

-- Ben

