Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 8 Aug 2014 19:16:11 +0400
Subject: Re: BadUSB discussion

On 08-Aug-2014 09:56:34 -0400, Daniel Kahn Gillmor wrote:

 > The same thing goes, of course, for PCI devices, disks, CPUs,
 > expressCards (or whatever they're called today), firewire, RAM,
 > etc. all of which are becoming more hot-pluggable on modern
 > hardware.

PCI and firewire seem to be most dangerous, as they have full
memory access simply by design.

I have such PCI "debug board", and making one for PCI-e is on my

 > A well-thought-out system-wide policy of what to do on device
 > hotplug might be useful, with a set of standard profiles
 > (single-seat personal desktop (laptop), server, multi-seat
 > desktop) to encourage sane behavior by default.
 > I have no idea what form such a policy might take, though.

I possibly have some ideas, but they have to be thought a lot.

Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin ПРИ gremlin ТЧК ru>
GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8 @ hkp://

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.