Date: Fri, 8 Aug 2014 19:16:11 +0400 From: gremlin@...mlin.ru To: oss-security@...ts.openwall.com Subject: Re: BadUSB discussion On 08-Aug-2014 09:56:34 -0400, Daniel Kahn Gillmor wrote: > The same thing goes, of course, for PCI devices, disks, CPUs, > expressCards (or whatever they're called today), firewire, RAM, > etc. all of which are becoming more hot-pluggable on modern > hardware. PCI and firewire seem to be most dangerous, as they have full memory access simply by design. I have such PCI "debug board", and making one for PCI-e is on my agenda. > A well-thought-out system-wide policy of what to do on device > hotplug might be useful, with a set of standard profiles > (single-seat personal desktop (laptop), server, multi-seat > desktop) to encourage sane behavior by default. > I have no idea what form such a policy might take, though. I possibly have some ideas, but they have to be thought a lot. -- Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin ПРИ gremlin ТЧК ru> GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8 @ hkp://keys.gnupg.net
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.