Slashdot Mirror

← Back to Stories (view on slashdot.org)

System Exploitable With USB

Posted by Zonk on Saturday July 23, 2005 @10:27PM from the good-thing-no-one-uses-that dept.

Anonymous Coward writes "Vulnerabilities in USB drivers for Windows could allow an attacker to take control of locked workstations using a specially programmed Universal Serial Bus device." From the article: "The buffer-overflow flaw is in device drivers that Windows loads whenever USB devices are inserted into computers running Windows 32-bit operating systems, including Windows XP and Windows 2000, said Caleb Sima, chief technology officer and founder of SPI Dynamics."

2 of 310 comments (clear)

Min score:

Reason:

Sort:

Misleading first few paragraphs? by gunpowda · 2005-07-23 22:34 · Score: 5, Informative

Who's actually to blame?
From the summary and the article:

Vulnerabilities in USB drivers for Windows...The buffer-overflow flaw is in device drivers that Windows loads...running Windows 32-bit operating systems, including Windows XP and Windows 2000...

The article then goes on to say:

However, the flaw is with USB, not Windows, said David Dewey, a research engineer at SPI.
Firewire and Linux by wertarbyte · 2005-07-23 22:46 · Score: 5, Informative

This reminds me of the vulnerabilities discovered in linux (and other systems) concerning firewire; Since Firewire devices can read and write directly to the computers memory, you can do some nasty stuff. The issues are documented on the website of the german CCC: http://www.ccc.de/congress/2004/fahrplan/event/14. de.html

--
Life is just nature's way of keeping meat fresh.