From 5703c1796e2762e7f01dcf082cf5d43adae482c1 Mon Sep 17 00:00:00 2001 From: Konstantin Ryabitsev Date: Fri, 28 Aug 2015 16:23:49 -0400 Subject: [PATCH] Make section on firewire be less opinionated --- linux-workstation-security.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/linux-workstation-security.md b/linux-workstation-security.md index 8820d54..b43796d 100644 --- a/linux-workstation-security.md +++ b/linux-workstation-security.md @@ -75,12 +75,12 @@ to prevent, but it will require more effort to set up and maintain. #### Firewire, thunderbolt, and ExpressCard ports -Firewire is a silly standard that, by design, allows any connecting device full +Firewire is a standard that, by design, allows any connecting device full direct memory access to your system ([see Wikipedia][2]). Thunderbolt and -ExpressCard are guilty of the same sin, though some later implementations of -Thunderbolt attempt to mitigate this vulnerability. It is best if the system -you are getting has none of these ports, but it is not critical, as they -usually can be turned off via UEFI or disabled in the kernel itself. +ExpressCard are guilty of the same, though some later implementations of +Thunderbolt attempt to limit the scope of memory access. It is best if the +system you are getting has none of these ports, but it is not critical, as +they usually can be turned off via UEFI or disabled in the kernel itself. #### TPM Chip