Date: Sat, 09 Aug 2014 19:42:21 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: BadUSB discussion

Probably because nobody cares; this is all old. USB, like every
hardware standard, is a disaster from a security point of view.
Covered this kind of thing back in 2012:

http://www.linuxpromagazine.com/content/download/65948/521578/version/1/file/040-041_kurt.pdf

Back when I had hair.. *sob*.

On 08/08/14 05:20 AM, Dan Carpenter wrote:
> I'm surprised we haven't had any discussion about the recent
> BadUSB articles.
> 
> http://arstechnica.com/security/2014/07/this-thumbdrive-hacks-computers-badusb-exploit-makes-devices-turn-evil/
> 
> http://security.stackexchange.com/questions/64524/how-to-prevent-badusb-attacks-on-linux-desktop
> 
> We could put a popup if there is a second keyboard attached to
> check that the person controlling the existing keyboard is aware of
> the second one.
> 
> The attack looks like someone who says, "Can you copy some files
> from my USB flash drive which?" (not knowing it is infected) and
> then there is a popup, "This newly inserted USB device is trying to
> type commands, is that ok?  y/N?".
> 
> regards, dan carpenter
> 

-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
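
The check behind the "second keyboard" prompt proposed in the quoted message can be sketched as follows. This is an added example, not code from the thread or from any project mentioned in it. It assumes the Linux sysfs layout under /sys/bus/usb/devices, and the function names `keyboard_devices` and `new_keyboards` are hypothetical.

```python
import os

# USB interface descriptor triple for a boot-protocol keyboard (HID class 03,
# boot subclass 01, keyboard protocol 01). A HID keyboard that does not use the
# boot subclass would not match; this example narrows the check to that one case.
KEYBOARD = ("03", "01", "01")

def _read(path):
    try:
        with open(path) as f:
            return f.read().strip()
    except OSError:
        return ""

def keyboard_devices(sysfs_usb="/sys/bus/usb/devices"):
    """Return {device: "vid:pid product"} for devices exposing a keyboard interface."""
    found = {}
    for entry in sorted(os.listdir(sysfs_usb)):
        if ":" not in entry:                 # interface entries look like "1-2:1.0"
            continue
        idir = os.path.join(sysfs_usb, entry)
        triple = tuple(_read(os.path.join(idir, name)).lower() for name in
                       ("bInterfaceClass", "bInterfaceSubClass", "bInterfaceProtocol"))
        if triple != KEYBOARD:
            continue
        dev = entry.split(":")[0]            # owning device, e.g. "1-2"
        ddir = os.path.join(sysfs_usb, dev)
        found[dev] = "%s:%s %s" % (_read(os.path.join(ddir, "idVendor")),
                                   _read(os.path.join(ddir, "idProduct")),
                                   _read(os.path.join(ddir, "product")))
    return found

def new_keyboards(known, sysfs_usb="/sys/bus/usb/devices"):
    """Keyboards present now that differ from the `known` baseline: prompt candidates."""
    current = keyboard_devices(sysfs_usb)
    # Compare port and identity, so a different device on a known port is still flagged.
    return {d: desc for d, desc in current.items() if known.get(d) != desc}

if __name__ == "__main__":
    import time
    baseline = keyboard_devices()            # keyboards trusted at start-up
    while True:                              # polling for brevity; reporting only
        for dev, desc in new_keyboards(baseline).items():
            print("New USB keyboard interface on %s (%s): allow it to type? y/N" % (dev, desc))
            baseline[dev] = desc
        time.sleep(1)
```
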
