Gene, Gene Heskett wrote: > I think the point they were trying to make is that the device packager, > who may not be the chip vendor, can put, if there is room in its flashrom, > a short commend that would, on plugging it in, cause the machine to > silently go out on the net and become part of a spam bot, or install a > keylogger Please spend a bit of time studying that 1.1 spec you have, or actually I would recommend that you download the 2.0 spec instead: http://www.usb.org/developers/docs/usb_20_070113.zip Spend most of your time with chapters 5, 8 and 9. Then spend time studying the EHCI spec. It teaches how the host controller is programmed by the operating system. It should become clear that what you describe just isn't possible. Not everything that is published (on internet or elsewhere) is actually correct. > > What needs to be "fixed"? > > The procedure to update that firmware. > if when it is plugged in, it goes out and installs a keylogger, now > that is harming the user "goes out" is not an established term in USB. I'm afraid you're not making any sense. //Peter -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html