Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 09 Aug 2014 19:42:21 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: BadUSB discussion

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Probably because nobody cares, this is all old, USB, like every
hardware standard, is a disaster from a security point of view.
Covered this kind of thing back in 2012:

http://www.linuxpromagazine.com/content/download/65948/521578/version/1/file/040-041_kurt.pdf

Back when I had hair.. *sob*.

On 08/08/14 05:20 AM, Dan Carpenter wrote:
> I'm surprised we haven't had any discussion about the recent
> BadUSB articles.
> 
> http://arstechnica.com/security/2014/07/this-thumbdrive-hacks-computers-badusb-exploit-makes-devices-turn-evil/
>
> 
http://security.stackexchange.com/questions/64524/how-to-prevent-badusb-attacks-on-linux-desktop
> 
> We could put a popup if there is a second keyboard attached to
> check that the person controlling the existing keyboard is aware of
> the second one.
> 
> The attack looks like someone who says, "Can you copy some files
> from my USB flash drive which?" (not knowing it is infected) and
> then there is a popup, "This newly inserted USB device is trying to
> type commands, is that ok?  y/N?".
> 
> regards, dan carpenter
> 

- -- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJT5s39AAoJEBYNRVNeJnmT+o8QAKHYCq6eGWZgHKoqBZsRBNJz
HYzgKvRx2FzgINL+OJiob6r0VXd+1wdm+2HAn7evToR0e3kcauaQR6oLBo56f3tj
hhlvBRKK8rfeW1yN3AaGqLmUvuF5+zb4MwEF0duGlkd9AXBeQEIRr3124yZHgGf8
B1Zlda5SSvQW6Rg3JsZ3lvzeKvE4H7Vif60RVf18fEDYzteutl+X+Af1vrcID1ok
3AkUPeFweopNq3e0DORWnkbW3SfE1D7KTa1KAI2LyPEAAqWVAvqr22g1HTm/ykHE
Q3XOPm/aJPaYaHrnNbsD8a2V3+eHxRfmdwEztOn5ctW9WGrL+w2Zzx4zPM/vQXBv
QPZqwColubVqZqgW5oSSsgKPbVIxR1UU7ymiYRz+TpXpqx00KvEbXVwfRz5VUMbi
MaY0HlBYj0LG9t/+ebHewHgyUfoVq1CEFVfxFI2PZRcCmhXDKgyRjNR9SnqAj7m3
aQvmyQArqY75Rmx07VfnP4w7/xQQQ2KBoTZ/zVhV6Y7e/RGt+gAj2hMy9ElK8mTY
vtHdmeWw5TuhB/rs9sNDkEVT1WiTmaeWYWFvsQtyACqgH0zCi3WzD+4+/fgBEwYq
8O+jIhnL5wxu8IxzYXfd46vAk63CetSn74MDWhIdMHH8AYXtNunVPiTNC137Awmh
YFXm6N79F7yvgnXoyYGO
=1JVW
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.