[ubuntu-uk] Photo keyring compatible with standards?

Christopher Swift chris.r.swift at googlemail.com
Tue Jan 20 17:53:39 GMT 2009


http://www.virustotal.com/analisis/22dc95c395341c679b560a7d0cf14ae4
It doesn't appear to be trojaned, unlike the rest of the other installers, but
that doesn't help me use it properly :D. I believe this to be my dmesg
output btw:

[ 7372.228059] usb 2-1: new full speed USB device using uhci_hcd and address 3
[ 7372.403909] usb 2-1: configuration #1 chosen from 1 choice
[ 7372.411883] scsi6 : SCSI emulation for USB Mass Storage devices
[ 7372.413269] usb-storage: device found at 3
[ 7372.413282] usb-storage: waiting for device to settle before scanning
[ 7377.424647] usb-storage: device scan complete
[ 7377.499171] scsi 6:0:0:0: CD-ROM            buildwin  Photo Frame 1.01 PQ: 0 ANSI: 2
[ 7377.506121] sr1: scsi3-mmc drive: 40x/40x writer cd/rw xa/form2 cdda tray
[ 7377.506766] sr 6:0:0:0: Attached scsi CD-ROM sr1
[ 7377.507271] sr 6:0:0:0: Attached scsi generic sg2 type 5
[ 7441.446538] CE: hpet increasing min_delta_ns to 50624 nsec

On Tue, Jan 20, 2009 at 5:27 PM, Alan Pope <alan at popey.com> wrote:

> 2009/1/20 Christopher Swift <chris.r.swift at googlemail.com>:
> > Bus 002 Device 002: ID 1908:1320
>
> Via google I found
>
> http://tppl.net/cgi-bin/avantify.cgi?url=08/12/29/0155249&threshold=3
>
> Second opinion - scanning another 1.5" photo frame (score: 3, Informative)
> by AYeomans (322504) <ajvNO at SPAMyeomans.org.uk> on Monday December 29,
> @03:58PM
>
> Here [virscan.org] is the virscan.org scan of the DPFmate.exe file on
> a similar photo keyring. This scans almost clean, with the only
> warning being "Suspicious - DNAscan" from QuickHeal.
> All sounds to me that the Walmart photo frame may be truly infected.
> Interesting to see if a re-scan gives the same results, after AV
> signature updates.
> To identify my photo frame, it has USB vendor code 1908:1320, and
> gives dmesg output as
>
>    [ 1615.074173] scsi 2:0:0:0: CD-ROM buildwin Photo Frame 1.01 PQ: 0 ANSI: 2
>    [ 1615.131784] sr1: scsi3-mmc drive: 40x/40x writer cd/rw xa/form2 cdda tray
>    [ 1615.132336] sr 2:0:0:0: Attached scsi CD-ROM sr1
>    [ 1615.132793] sr 2:0:0:0: Attached scsi generic sg2 type 5
>    [ 1618.229611] ISO 9660 Extensions: Microsoft Joliet Level 3
>    [ 1618.243632] ISOFS: changing to secondary root
>
> and has files on it
>
>    -r-xr-xr-x 1 a root 49 2007-12-13 17:07 Autorun.inf
>    -r-xr-xr-x 1 a root 135904 2008-07-25 11:46 DPFMate.exe
>    -r-xr-xr-x 1 a root 1344 2008-05-19 18:53 flashlib.dat
>    -r-xr-xr-x 1 a root 22044 2008-07-23 16:15 LanguageUnicode.ini
>    -r-xr-xr-x 1 a root 96281 2008-06-11 16:29 MacDPFmate.zip
>    -r-xr-xr-x 1 a root 758 2008-07-07 12:21 StartInfoUnicode.ini
>
> Hey, I always stick odd USB devices into Linux first to check them out.
> For background info, this photo frame does nothing when first
> connected. You can set it to "transfer" mode, at which point it
> emulates a USB CD-ROM of 304 Kbyte size. That CD image tries to
> autorun the DPFmate software to compress and transfer images to the
> device. The photos are *not* visible on the device through normal
> access, must have transferred them to a hidden area. I'd be interested
> if anyone has more info on the USB protocols used.
>
> Cheers,
> Al.
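
The pattern both dmesg excerpts in this thread show, a USB mass-storage device that attaches as a SCSI CD-ROM, can be picked out of a kernel log mechanically. The Python example below is added here and is not from either poster; the function name and the second sample device (an ordinary Direct-Access USB stick) are constructed for contrast.

```python
import re

# First three lines: dmesg output quoted in the message above (wrapped lines rejoined).
# Last three lines: constructed contrast, an ordinary USB stick (not from the thread).
SAMPLE_DMESG = """\
[ 7372.411883] scsi6 : SCSI emulation for USB Mass Storage devices
[ 7377.499171] scsi 6:0:0:0: CD-ROM            buildwin  Photo Frame 1.01 PQ: 0 ANSI: 2
[ 7377.506766] sr 6:0:0:0: Attached scsi CD-ROM sr1
[ 8000.000001] scsi7 : SCSI emulation for USB Mass Storage devices
[ 8005.000002] scsi 7:0:0:0: Direct-Access     Example  Flash Disk 1.00 PQ: 0 ANSI: 2
[ 8005.000003] sd 7:0:0:0: [sdb] Attached SCSI removable disk
"""

# SCSI host created by the usb-storage driver
USB_HOST = re.compile(r"\] scsi(\d+) : SCSI emulation for USB Mass Storage")
# INQUIRY summary line: host number, peripheral type, vendor/model/revision
INQUIRY = re.compile(r"\] scsi (\d+):\d+:\d+:\d+: (\S+)\s+(.*?)\s+PQ:")
# sr driver binding the device to a /dev/srN node
ATTACHED = re.compile(r"\] sr (\d+):\d+:\d+:\d+: Attached scsi CD-ROM (sr\d+)")

def usb_cdrom_emulators(dmesg_text):
    """Return USB mass-storage devices that enumerated as SCSI CD-ROMs."""
    usb_hosts, found = set(), {}
    for line in dmesg_text.splitlines():
        if m := USB_HOST.search(line):
            usb_hosts.add(m.group(1))
        elif m := INQUIRY.search(line):
            host, dev_type, ident = m.groups()
            # Only flag CD-ROMs whose SCSI host is backed by usb-storage
            if host in usb_hosts and dev_type == "CD-ROM":
                found[host] = {"host": "scsi" + host, "ident": ident, "node": None}
        elif m := ATTACHED.search(line):
            if m.group(1) in found:
                found[m.group(1)]["node"] = "/dev/" + m.group(2)
    return list(found.values())

if __name__ == "__main__":
    for dev in usb_cdrom_emulators(SAMPLE_DMESG):
        print(f"{dev['host']}: '{dev['ident']}' presents as CD-ROM at {dev['node']};"
              " inspect its Autorun.inf before attaching to a Windows host")
```

On a live system the same function can be fed the output of `dmesg` instead of the embedded sample.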