
Given what we know about USB sticks, especially their use in Iran, you would have to be ABSOLUTELY FUCKING RETARDED to trust them.

Oh so he encrypted his files, and walked them between his stand alone and his internet machines. Yeah, okay this established the file's integrity, and that's just fantastic.

But what assurance does he have that the USB stick isn't getting infected on the internet machine, and then deploying stealth hacksaw services onto the standalone, to buffer and relay data and commands each time it jacks in?

I mean, that's exactly what Stuxnet was designed to fucking do.



I wish you'd made your point more gracefully, because then it would've been taken seriously. I had the exact same concern about him using USB sticks.


It's different if you own your own USB stick and only use that stick, and have the hosts configured correctly. Arbitrary USB devices picked up off the ground or provided by malicious people do terrify me, mainly because they can be keyboards or whatever in usb-stick physical packaging.


Even USB sticks that are your own USB sticks could be keyboards or whatever. Unless you've verified it isn't, a store-bought USB stick is just as risky as one that you picked up from the street or that someone gave you; in both cases you have no idea 'where it's been' before it got into your possession.
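
An added example, not part of any comment in this thread: one way to check which interfaces a stick currently presents is to walk its USB descriptors and flag any interface class other than mass storage, such as HID (keyboard). The helper names and the sample descriptor bytes are constructed for illustration; on Linux the same blob can be read from the device's `descriptors` file under `/sys/bus/usb/devices/`.

```python
import struct

# Constants from the USB specification.
DT_INTERFACE = 0x04        # bDescriptorType of an interface descriptor
CLASS_HID = 0x03           # keyboards, mice
CLASS_MASS_STORAGE = 0x08  # what a plain stick should expose

def interface_classes(blob):
    """Walk concatenated USB descriptors; return each interface's bInterfaceClass."""
    classes, pos = [], 0
    while pos < len(blob):
        # Every descriptor starts with bLength, bDescriptorType.
        if pos + 2 > len(blob) or blob[pos] < 2 or pos + blob[pos] > len(blob):
            raise ValueError(f"malformed descriptor at offset {pos}")
        length, dtype = blob[pos], blob[pos + 1]
        if dtype == DT_INTERFACE:
            if length < 9:
                raise ValueError(f"short interface descriptor at offset {pos}")
            classes.append(blob[pos + 5])  # bInterfaceClass
        pos += length
    return classes

def audit_stick(blob):
    """Report whether a device sold as storage presents anything besides storage."""
    classes = interface_classes(blob)
    return {
        "storage": CLASS_MASS_STORAGE in classes,
        "hid": CLASS_HID in classes,
        "unexpected": sorted({c for c in classes if c != CLASS_MASS_STORAGE}),
    }

# Constructed sample descriptors (not captured from real hardware).
def _iface(num, cls, sub, proto):
    return bytes([9, DT_INTERFACE, num, 0, 0, cls, sub, proto, 0])

def _device(ifaces):
    body = b"".join(ifaces)
    dev = struct.pack("<BBHBBBBHHHBBBB", 18, 1, 0x0200, 0, 0, 0, 64,
                      0x1234, 0x5678, 0x0100, 1, 2, 3, 1)
    cfg = struct.pack("<BBHBBBBB", 9, 2, 9 + len(body), len(ifaces), 1, 0, 0x80, 50)
    return dev + cfg + body

PLAIN_STICK = _device([_iface(0, 0x08, 0x06, 0x50)])   # SCSI, bulk-only
COMPOSITE = _device([_iface(0, 0x08, 0x06, 0x50),
                     _iface(1, 0x03, 0x01, 0x01)])     # plus a boot keyboard

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN_STICK), ("composite", COMPOSITE)):
        print(name, audit_stick(blob))
```

Descriptors are self-reported by the device, and firmware can re-enumerate with different ones later, so this only checks the interfaces presented at the moment of reading.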


No, the vast majority of USB sticks in the world are not pwned. If you randomly go out to purchase one in a large market, it's pretty likely to be safe.

Things like the Bagram PX were concentrations of high value targets with only one source of supply. The general USB stick marketplace is a lot safer. In China they're often fake and thus unreliable (smaller than advertised), but in the US, I'd be pretty comfortable driving to a Best Buy 50 miles away and picking up a random USB token.

A USB key someone hands you is much more likely to be a targeted attack. A USB key randomly lying on the ground outside a target is also much more likely to be an attack.


The vast majority of USB sticks are lost, not attacks, the vast majority of USB keys handed to you are handed to you in good faith, not as attacks.

That doesn't mean there are no attacks.

So prudence is advised in either case, on the off chance that the one that you have is a bad one. Ditto for anything else that you stick into a USB port.

That webcam plugged into your computer, are you sure the mike isn't on all the time and that the driver doesn't pass your speech during the day out in compressed and encrypted form to some server farm at night ;)


Just like bareback sex with partners who remain monogamous for the duration of your relationship, repeatedly sticking the same USB device into your computer is a lot less risky than sticking a wide variety of USB devices of unknown provenance into your computer...



