Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 8 Aug 2014 14:20:21 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: BadUSB discussion

I'm surprised we haven't had any discussion about the recent BadUSB
articles.

http://arstechnica.com/security/2014/07/this-thumbdrive-hacks-computers-badusb-exploit-makes-devices-turn-evil/
http://security.stackexchange.com/questions/64524/how-to-prevent-badusb-attacks-on-linux-desktop

We could put a popup if there is a second keyboard attached to check
that the person controlling the existing keyboard is aware of the second
one.

The attack looks like someone who says, "Can you copy some files from
my USB flash drive which?" (not knowing it is infected) and then there
is a popup, "This newly inserted USB device is trying to type commands,
is that ok?  y/N?".

regards,
dan carpenter

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ