On Fri, 2010-03-26 at 09:24 +0100, Juan J. Martínez wrote:
> It's interesting, but in that way they have to trust that live CD, and
> it makes things easier to attack the users (just send a compromised CD
> to all the customers, or use a man in the middle that replaces the CD
> in the post service, etc).

Those attacks do not scale favourably for the attacker, and leave a physical trail in the real world adjacent to the attack and the attacker.

I.e. if you produce and post a CD to each of a bank's customers (having first to have a list of them, or else cause comment by sending vastly more physical copies to random addresses) then you are likely to be noticed in the Post Office. The CDs are likely to be trackable back to where the blanks were bought, and hence to whom they were sold, delivered etc.

Using the man in the middle is a logistic challenge. You need to reliably get your man into the right place, with as many CDs as you want to replace in transit. He needs to either open a load of post, remove the contents and repackage with a new CD, or simply destroy, or redirect to a /dev/null postal address, all the originals. The latter are failure modes and attacks that postal services and sorting offices have vast experience of and are designed to detect, discourage and react to.

If you are the intelligence apparatus of the State you may well be able to do that (but perhaps you have different approaches that are more effective); if you are a plausible mass attacker, I think it is very hard. So as a sensible criminal you would invest your effort in some other crime.

--
A

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html