Re: Safe for me
"There's no auto-run on Linux. It's a safe practice to plug in random USB sticks. Windows users get what they get."
If it is running Windows software on an ordinary thumb drive.. Possibly.
But what if it isn't actually a thumb drive?
There is this chip.. An Atmel 32U4.
Dead handy little micro controller... It has a built in USB to serial converter, and get this.. It can emulate a keyboard and mouse.
And runs on 5 volts.. The voltage of..
A USB port!!!
Dead easy to program. Tiny enough to fit in a USB drive body. OS independent.
No OS requirements, other than the ability to recognise a HID device.
Can be programmed to execute any series of key presses you like. Or mouse movements, or hot key sequences.
Commonly available on Ebay as an Arduino Pro Micro. Bout three and a half quid delivered from China. On a tiny little board with a USB socket already wired up, and a set of breakouts along either side.
Explain to me how exactly you stop this from executing any number of command sequences for fun or profit, the moment some prize twit plugs it in..
I use one on my Linux desktop as a volume control, because the keyboard I use doesn't have this function. So I set it up to use some unused hotkeys, and now it does.
Another is the remote input for my Myth box. An IR sensor added, and my HTPC is controlled from my IR remote.
I could just as easily set it up to bring up a terminal as soon as it is plugged in, and type something destructive.
Add a little ESP8266, and I have a wifi operated keyboard hooked up to your computer.
So no. Linux is not actually protected from harm.
Which is why an unattended thumb drive should be treated like a blood stained syringe wrapped in a half eaten kebab, wrapped in a used condom, sitting in a pile of fresh dog crap from a dog with serious digestive issues..
No matter the OS.
NEVER plug a found Thumb drive in.
Walk past it, hand it in at the nearest police station, or bin it.