Slashdot Mirror


Linux Has a USB Driver Security Problem (bleepingcomputer.com)

Catalin Cimpanu, reporting for BleepingComputer: USB drivers included in the Linux kernel are rife with security flaws that in some cases can be exploited to run untrusted code and take over users' computers. The vast majority of these vulnerabilities came to light on Monday, when Google security expert Andrey Konovalov informed the Linux community of 14 vulnerabilities he found in the Linux kernel USB subsystem. "All of them can be triggered with a crafted malicious USB device in case an attacker has physical access to the machine," Konovalov said. The 14 flaws are actually part of a larger list of 79 flaws Konovalov found in Linux kernel USB drivers during the past months. Not all of these 79 vulnerabilities have been reported, let alone patched. Most are simple DoS (Denial of Service) bugs that freeze or restart the OS, but some allow attackers to elevate privileges and execute malicious code.

156 comments

  1. an attacker has physical access to the machine by Anonymous Coward · · Score: 4, Informative

    you're already pwned

    1. Re: an attacker has physical access to the machine by Anonymous Coward · · Score: 0

      In most cases, except when the HD is encrypted. We've got people rotting in cells for refusing to give up passwords, so not all hope is lost in that regard. This is just Google hoping people don't realize they're alluding to their own security "superiority" (laughable) with device defaults set to refuse USB. It's a confounding variable in their claims they hope no one notices.

    2. Re:an attacker has physical access to the machine by Calydor · · Score: 4, Insightful

      If all it takes is access to plug in a USB dongle, that's a different kind of access than being able to open up the machine and tinker with it. Secretary turns her back for a moment? Plug it in while you can.

      Hell, with the tendency for people to plug in USB keys found on the street still to this day, that's all that would be required to exploit these flaws in an otherwise impenetrable building.

      --
      -=This sig has nothing to do with my comment. Move along now=-
    3. Re:an attacker has physical access to the machine by squiggleslash · · Score: 5, Funny

      Secretary turns her back for a moment? Plug it in while you can.

      Wow, Hollywood has actually been accurately portraying the state of security in Linux for years, and nobody realized!

      --
      You are not alone. This is not normal. None of this is normal.
    4. Re:an attacker has physical access to the machine by Anonymous Coward · · Score: 1

      Secretary accepts flash drive from student to print homework assignment on the office printer...

    5. Re:an attacker has physical access to the machine by Anonymous Coward · · Score: 3, Funny

      UNREALISTIC. Windows does not have these same vulns. Secretary is safe.

    6. Re:an attacker has physical access to the machine by Jeremi · · Score: 5, Insightful

      Wow, Hollywood has actually been accurately portraying the state of security in Linux for years, and nobody realized!

      If it turns out that the secretaries of the world have been running Linux all these years, I will be rather surprised :)

      --
      I don't care if it's 90,000 hectares. That lake was not my doing.
    7. Re:an attacker has physical access to the machine by Hal_Porter · · Score: 0

      Also the printer wouldn't work in Linux ;-)

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    8. Re:an attacker has physical access to the machine by chipschap · · Score: 0

      UNREALISTIC. Windows does not have these same vulns.

      So, like the fellow that found the Linux vulnerabilities, obviously you've examined the Windows source code to ensure that Windows didn't have them, thus allowing you to make a definitive statement such as the one above.

      Oh, wait ....

    9. Re: an attacker has physical access to the machine by Anonymous Coward · · Score: 0

      If I only had mod points!

    10. Re:an attacker has physical access to the machine by Anonymous Coward · · Score: 1

      It's important to understand that USB does not include any type of security or authentication. Secondly, it requires a custom USB device. Even many experienced developers are not in a position to craft such things. You're basically talking about embedded developers.

      Such exploits are going to be fairly specialized AND you still require either physical access or social engineering to achieve the goal. Though a common form of social engineering is to drop USB drives in parking lots you would like to exploit. This is one of the ways Hillary/Podesta/DNC was hacked by foreign powers (though Seth Rich is the leak who used a USB drive to copy what was leaked).

      In the grand scheme of things, while these do need to be fixed it's not generally a serious threat as physical access should already be restricted to anything of importance, including machines on a network.

    11. Re:an attacker has physical access to the machine by Anonymous Coward · · Score: 0

      trying to enlighten windows users is charity they don't deserve. see how they feverishly defend their masters? they are the boot licking spy that rats you out to the death squad. they enjoy their bondage and want you to lose your freedom too.

    12. Re:an attacker has physical access to the machine by cstacy · · Score: 4, Funny

      Secretary turns her back for a moment? Plug it in while you can.

      Wow, Hollywood has actually been accurately portraying the state of security in Linux for years, and nobody realized!

      No, they haven't been portraying it accurately for years. But in the last few weeks we have seen actresses and secretaries in Hollywood coming forward with the story of what happens when they turn their backs and executive producers try to "plug it in while they can".

    13. Re:an attacker has physical access to the machine by scdeimos · · Score: 1

      Secondly, it requires a custom USB device. Even many experienced developers are not in a position to craft such things. You're basically talking about embedded developers.

      So what? All it takes is one or two embedded developers to craft such things with a barely usable management UI, flood Baidu or eBay with their wares, and then every man and his dog has access to one.

    14. Re:an attacker has physical access to the machine by Anonymous Coward · · Score: 0

      Technically speaking, you can't own devices via USB remotely. So the only way to exploit USB drivers is WITH PHYSICAL ACCESS. So this comment of "if physical access needed then you're already pwned" is kinda redundant. I would expect my computer to not get pwned by random USB devices, for starters. Physical access doesn't inherently mean root access.

    15. Re:an attacker has physical access to the machine by Anonymous Coward · · Score: 0

      All started with Office Space. But thaaat was a floppy disk.

    16. Re:an attacker has physical access to the machine by Anonymous Coward · · Score: 0

      So, like the fellow who didn't RTFA, you commented on something without seeing that this could be easily tried on Windows and thinking that they would have mentioned it if it had worked there as well.

      Oh, wait...

    17. Re:an attacker has physical access to the machine by Anonymous Coward · · Score: 1

      Well I know Plan9 cannot be similarly affected, as it runs all USB drivers in userspace as separate processes. I know many Windows USB drivers run in userspace but I can't be certain all do. In any case it would be a good idea for Linux to scrap the shitty design that is kernel mode USB drivers and run the USB stack as a usermode helper with privsep+privdrop. Doing anything else is negligent engineering.

    18. Re:an attacker has physical access to the machine by Anonymous Coward · · Score: 0

      "The attacker" could be a malware infected phone you plug into your PC. So no, I think this is a little more than simply a physical access problem. I'd suspect Android phones might also be vulnerable to this, and people plug their phones USB port into potentially untrusted charging ports all the time.

    19. Re:an attacker has physical access to the machine by Billy+the+Mountain · · Score: 1

      Wrong, secretary is not safe because regardless of operating system, the 400 joule jolt stored in capacitors in the thumb drive just fried said secretary's computer!

      --
      That was the turning point of my life--I went from negative zero to positive zero.
    20. Re:an attacker has physical access to the machine by iggymanz · · Score: 1

      yeah windows doesn't have a feature called autoplay

    21. Re:an attacker has physical access to the machine by Anonymous Coward · · Score: 0

      Suppose some company wants to quietly install a "service" on people's computers - something like, for example, the sony rootkit from a few years back. If USB is flaky like this then all they need to do is distribute some apparently benign usb "thing" - I don't know, you could offer free recordings of a concert as part of a ticket deal, or just have a partnership with someone who makes mice or usb drives or phones or whatever - that silently installs whatever the hell they want when plugged in. Do you really do security vetting on every phone, usb drive, mouse, keyboard, camera and random dongle you plug into your computer?

    22. Re:an attacker has physical access to the machine by AHuxley · · Score: 1

      AC, a file on a USB device on a computer should not be able to take over a computer or wider network.
      That's how the penetration testers often work. They charm or sneak into a building past security and put a usb device into any computer they need to get access to.
      They are from "tech support", know the boss and want to show a "charity" movie the boss is interested in to the staff ...
      Someone grants access to their computer and usb to "help" the expert.. or the now trusted person the boss knows...

      --
      Domestic spying is now "Benign Information Gathering"
    23. Re: an attacker has physical access to the machine by Anonymous Coward · · Score: 0

      If he has physical access to the machine and the crypted volumes are mounted, then he does have access to the keys. They gotta be in ram somewhere. Doubly so if they're cached in uncrypted swap.

    24. Re:an attacker has physical access to the machine by epyT-R · · Score: 1, Funny

      Of course, all it takes is a few plug-in attempts to create kernel panics...or is that moral panics?

    25. Re:an attacker has physical access to the machine by Anonymous Coward · · Score: 1

      Secretary turns her back for a moment? Plug it in while you can.

      Hello sexual harassment lawsuit.

    26. Re:an attacker has physical access to the machine by Anonymous Coward · · Score: 0

      A custom usb is easy. Buy an arduino - a beginner's embedded board. Any 'experienced developer' will be able to pull this off. There is already cut & paste code for turning the arduino into a usb keyboard and sending whatever keystrokes you want. This isn't hard, beginner stuff, remember? Arduinos come in all sizes, if you want to disguise it as a plain memory stick - get a small one.

      You can then take over the machine - if you're capable of doing that with unrestricted keyboard access. Including such things as:
      * ctrl+alt+del or whatever you need to make the current OS reboot
      * whatever keystrokes you need to open BIOS setup and set it to boot from USB.
      (the "usb device" should of course also contain a bootable sdcard)

      So, seconds after plugging in, the computer reboots to a hacker distro installed on the sdcard. This may in turn bring up the normal system in a virtual machine, so the mark will think there just was some kind of glitch. After this, you have full control of the machine, including the now virtualized os. The usb thing can be unplugged, it is all running out of the initrd now. Bonus points if the hacker distro is now permanently installed on the disk...

    27. Re:an attacker has physical access to the machine by Anonymous Coward · · Score: 0

      Y'all should pay me to use pwned by now. It was MY typo in Counter-Strike 1.3-1.4 over and over because my Sony Celeron 600 keyboard was at a 45 degree angle opposing my mouse so I could use arrow keys not asdw to move. At a 45 degree angle I said owned every time I killed somebody on atlantamaps.org custom map server. For a LONG time. I bumped the P a lot. People mocked it but knew they got fucked up. That's how it spread. 1 mil on CS servers at the same time beat Quake 3 but atlantamaps.org was the best server. 17 slots because I was on it and sysops.

      I am the originator of pwned. Facts are straight.

      Pay up.

      Ed Crowley/Joseph Hazelwood -- me. Get some still you can't.

    28. Re:an attacker has physical access to the machine by tlhIngan · · Score: 4, Interesting

      Of course, all it takes is a few plug-in attempts to create kernel panics...or is that moral panics?

      I've had it happen to me while I was developing a USB device. Plugged it into a Linux machine and it kernel panics immediately. No, plug it into Windows and nothing happens.

      It turned out I screwed up the USB descriptors I was returning - Linux didn't like that I set the descriptor type wrong.

      Granted, this is something I did many many many years ago (around the time of the great East Coast blackout) so I expect that it would be somewhat more robust now.

      It's also interesting to see how different OSes reacted - the USB descriptor is a fixed size, but some OSes (Windows, notably) only do a partial request - I think it was 5 bytes - in order to get the USB descriptor type and length bytes, then it re-ran the request with the proper size. Linux at the time simply did a proper sized request - the descriptor size is fixed and unchanging so what Windows did was completely unnecessary unless it was to ensure that devices responded properly.

    29. Re:an attacker has physical access to the machine by Anonymous Coward · · Score: 0

      Wow, how'd you come up with that joke?

    30. Re:an attacker has physical access to the machine by Kaenneth · · Score: 1
    31. Re:an attacker has physical access to the machine by Narcocide · · Score: 1

      It's kinda sad that it's not common knowledge by now, but USB itself has physical hardware vulnerabilities that are not fixable at the driver level. Fixing the security flaws in the USB drivers is kinda like fixing the security flaws in a lock on a paper window.

    32. Re:an attacker has physical access to the machine by blindseer · · Score: 2

      Please tell me more. I recall a rather problematic security issue with early FireWire implementations that allowed direct access to a computer system's memory. Wasn't this used to break some DVD encryption keys? ThunderBolt might have similar problems but I have not looked into it thoroughly, this is likely much harder to fix since ThunderBolt is an extension of the PCI bus. ThunderBolt 3 uses USB-C for its standard connection port, is this what you mean by a physical hardware vulnerability? This kind of vulnerability does not apply to USB as it's not a direct memory access device like FireWire and ThunderBolt.

      Standard practice by many operating systems is to treat a USB device with more trust than I believe it should. For example, if someone plugs in a USB network device the OS will often install a driver, enable DHCP, request an IP address, and start talking to it. Auto-run has long been a problem for storage devices, but that's not unique to USB and it's not a hardware problem. These are problems that can be solved in software.

      What USB hardware vulnerabilities do you know about? I'm honestly curious since I've heard nothing of these things, and I like to think I follow computer security pretty closely.

      --
      I am armed because I am free. I am free because I am armed.
    33. Re:an attacker has physical access to the machine by Darinbob · · Score: 1

      Yes and no. Denial of service is easy for some of the drivers, on more than just Linux. Just say your device descriptor has the maximum number of interfaces, each interface has the maximum number of endpoints, and things like that. But then again, you can just have a USB device that fries your computer completely since it's really a big supercap.

      Now taking over a computer this way is harder. Certainly there could be exploits, but I don't necessarily think this is just Linux either.
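      tlhIngan's story above (a device returning the wrong bDescriptorType took the host down) and Darinbob's point about descriptors that declare the maximum number of interfaces and endpoints are the same lesson from the host's side: every length and count in a descriptor is attacker-controlled input and has to be checked before it is used. The parser below is an added example written for this thread, not code from the Linux kernel or from any poster. Descriptor layouts follow USB 2.0 chapter 9; the caps of 8 configurations, 32 interfaces and 30 endpoints are assumed to mirror the limits the Linux USB core enforces; the sample byte strings (including the 0x1234/0x5678 vendor and product ids) are constructed, not captured from hardware.

```python
# Host-side USB descriptor validation (added example, not kernel code).
import struct

DT_DEVICE, DT_CONFIG, DT_INTERFACE, DT_ENDPOINT = 0x01, 0x02, 0x04, 0x05
MAX_CONFIGS, MAX_INTERFACES, MAX_ENDPOINTS = 8, 32, 30   # assumed to mirror Linux's caps


class DescriptorError(ValueError):
    """Raised instead of trusting a malformed device-supplied descriptor."""


def parse_device_descriptor(buf: bytes) -> dict:
    """Validate the 18-byte device descriptor and return its fields."""
    if len(buf) < 18:
        raise DescriptorError(f"device descriptor truncated to {len(buf)} bytes")
    if buf[1] != DT_DEVICE:
        raise DescriptorError(f"bDescriptorType 0x{buf[1]:02x} is not DEVICE (0x01)")
    if buf[0] != 18:
        raise DescriptorError(f"device bLength {buf[0]} != 18")
    names = ("bcdUSB", "bDeviceClass", "bDeviceSubClass", "bDeviceProtocol",
             "bMaxPacketSize0", "idVendor", "idProduct", "bcdDevice",
             "iManufacturer", "iProduct", "iSerialNumber", "bNumConfigurations")
    dev = dict(zip(names, struct.unpack_from("<HBBBBHHHBBBB", buf, 2)))
    if dev["bMaxPacketSize0"] not in (8, 16, 32, 64):
        raise DescriptorError(f"bad bMaxPacketSize0 {dev['bMaxPacketSize0']}")
    if not 1 <= dev["bNumConfigurations"] <= MAX_CONFIGS:
        raise DescriptorError(f"bNumConfigurations {dev['bNumConfigurations']} out of range")
    return dev


def parse_config_descriptor(buf: bytes) -> dict:
    """Walk a configuration descriptor and its interface/endpoint children,
    refusing any length or count that would run past the buffer or the caps."""
    if len(buf) < 9:
        raise DescriptorError("configuration descriptor truncated")
    if buf[1] != DT_CONFIG or buf[0] != 9:
        raise DescriptorError(f"bad config header: bLength={buf[0]} type=0x{buf[1]:02x}")
    total_len, num_ifaces, cfg_value = struct.unpack_from("<HBB", buf, 2)
    if total_len < 9 or total_len > len(buf):
        raise DescriptorError(f"wTotalLength {total_len} outside buffer of {len(buf)}")
    if not 1 <= num_ifaces <= MAX_INTERFACES:
        raise DescriptorError(f"bNumInterfaces {num_ifaces} out of range")
    interfaces, current, pos = [], None, 9
    while pos < total_len:
        if total_len - pos < 2:
            raise DescriptorError(f"dangling byte at offset {pos}")
        length, dtype = buf[pos], buf[pos + 1]
        if length < 2 or pos + length > total_len:
            raise DescriptorError(f"descriptor at offset {pos} has bLength {length}, "
                                  f"only {total_len - pos} bytes remain")
        if dtype == DT_INTERFACE:
            if length < 9:
                raise DescriptorError(f"interface descriptor bLength {length} < 9")
            num_eps = buf[pos + 4]
            if num_eps > MAX_ENDPOINTS:
                raise DescriptorError(f"bNumEndpoints {num_eps} > {MAX_ENDPOINTS}")
            current = {"number": buf[pos + 2], "alt": buf[pos + 3], "class": buf[pos + 5],
                       "declared_endpoints": num_eps, "endpoints": []}
            interfaces.append(current)
        elif dtype == DT_ENDPOINT:
            if length < 7:
                raise DescriptorError(f"endpoint descriptor bLength {length} < 7")
            if current is None:
                raise DescriptorError("endpoint descriptor before any interface")
            current["endpoints"].append({"address": buf[pos + 2], "attributes": buf[pos + 3],
                                         "max_packet": struct.unpack_from("<H", buf, pos + 4)[0]})
            if len(current["endpoints"]) > current["declared_endpoints"]:
                raise DescriptorError("more endpoints than bNumEndpoints declares")
        # Class-specific descriptors (HID, CDC, ...) are skipped by their own bLength.
        pos += length
    if len({i["number"] for i in interfaces}) != num_ifaces:
        raise DescriptorError("bNumInterfaces does not match the interface descriptors present")
    return {"value": cfg_value, "interfaces": interfaces}


def config_error(buf: bytes):
    """Return the rejection reason for buf, or None if it validates."""
    try:
        parse_config_descriptor(buf)
        return None
    except DescriptorError as exc:
        return str(exc)


# Constructed samples (not captured from real hardware).
_CFG_HDR = bytes([9, DT_CONFIG, 25, 0, 1, 1, 0, 0x80, 50])        # 1 interface, 25 bytes total
_IFACE = bytes([9, DT_INTERFACE, 0, 0, 1, 0x03, 1, 1, 0])         # HID boot keyboard, 1 endpoint
_EP = bytes([7, DT_ENDPOINT, 0x81, 0x03, 8, 0, 10])                # IN interrupt endpoint
GOOD_CONFIG = _CFG_HDR + _IFACE + _EP
WRONG_TYPE = bytes([9, DT_DEVICE]) + _CFG_HDR[2:] + _IFACE + _EP   # wrong bDescriptorType
TOO_MANY_IFACES = _CFG_HDR[:4] + bytes([255]) + _CFG_HDR[5:] + _IFACE + _EP   # absurd count
OVERLONG = _CFG_HDR + bytes([0xFF]) + _IFACE[1:] + _EP             # bLength runs past buffer
GOOD_DEVICE = bytes([18, DT_DEVICE, 0x00, 0x02, 0, 0, 0, 64, 0x34, 0x12, 0x78, 0x56,
                     0x00, 0x01, 1, 2, 3, 1])                      # placeholder VID/PID
```

`config_error(GOOD_CONFIG)` returns `None`, while the three bad samples are each rejected with a reason rather than being used to size an allocation or index a table. The key design point is that the walker never advances by a device-supplied `bLength` without first proving it fits in the remaining buffer, and never stores a count larger than the cap the host is prepared to allocate for.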

    34. Re:an attacker has physical access to the machine by Aighearach · · Score: 0

      All the printers work in linux.

      That was already true 15 years ago.

    35. Re: an attacker has physical access to the machine by Anonymous Coward · · Score: 0

      "We've got people rotting in cells for refusing to give up passwords," And who are these people? And a legal warrant or court order can compel you to give up your password or suffer court contempt charges. Passwords are provided no special protections in civil or criminal evidence collection laws.

    36. Re:an attacker has physical access to the machine by AC-x · · Score: 1
    37. Re:an attacker has physical access to the machine by AC-x · · Score: 2

      Embedded USB developer boards already exist and are just as cheap/easy to use as Arduinos.

    38. Re:an attacker has physical access to the machine by Anonymous Coward · · Score: 0

      this is what happens when linux flaws get pointed out, the desperation to quickly deflect criticism onto users of other platforms.

      the only people who give a fuck about windows users in this context are the halfwits like you who actually develop an emotional attachment to a computer operating system and get upset when people point out problems with it.

    39. Re:an attacker has physical access to the machine by AC-x · · Score: 2

      What USB hardware vulnerabilities do you know about?

      One exploit I remember from a few years back is a custom USB device emulating a keyboard and mouse can issue commands via keyboard shortcuts and mouse clicks.

      Another one is emulating a network adapter to intercept and alter network traffic.

    40. Re:an attacker has physical access to the machine by Anonymous Coward · · Score: 0

      It's important to understand that USB does not include any type of security or authentication.

      We already know that, that is why the kernel is responsible for making sure a USB device can't just take over the system. The Linux kernel has many vulnerabilities that can be exploited to allow this to happen.

      In the grand scheme of things, while these do need to be fixed it's not generally a serious threat as physical access should already be restricted to anything of importance, including machines on a network.

      No it is a serious problem, when any networked computer (including laptops) can be so severely compromised it doesn't matter whether they are connected to the network at the time they are compromised or not. Stop this handwaving nonsense and acknowledge the severity of this problem.

    41. Re:an attacker has physical access to the machine by Anonymous Coward · · Score: 0

      It's hardly an "exploit" that a keyboard/mouse can issue keyboard/mouse commands. Fundamentally your keyboard needs to be a trusted device.

    42. Re:an attacker has physical access to the machine by blindseer · · Score: 1

      Emulating a keyboard and mouse is not any more a "hardware vulnerability" than having access to PS/2 or any other input port that one might have access to. These kinds of attacks have existed long before USB.

      Emulating a network adapter is not much of a vulnerability either since one could also attack by Ethernet or wireless connection. This is also fairly simple to protect against by disabling the use of USB network adapters and/or setting routing priority on the computer.

      I thought that there was something unique to USB that I missed. Apparently not.

      --
      I am armed because I am free. I am free because I am armed.
    43. Re:an attacker has physical access to the machine by AC-x · · Score: 2

      I think you're falling into the same trap as some other posters with "physical access = already pwned".

      USB is somewhat more dangerous because they are also ubiquitous inconspicuous storage devices and computers often have multiple easy to access USB ports.

      PS/2 ports are used exclusively for keyboard and mice and the ports are generally at the back of the computer, so you're not going to be able to trick someone into inserting a device like you could with something that looks like a USB stick and to do it yourself requires you to access the back of the computer rather than just quickly sticking something in the front. Also PS/2 ports are single function while a USB stick can emulate a keyboard and mouse at the same time which allows for certain attacks that aren't possible with keyboard alone (see the OSX example previously).

      With networking again you've got to get to the back of the computer, unplug the existing network connection, put a bridging device between them, plug it back in. All much more conspicuous than just slipping a USB-stick looking device into the machine somewhere. Plus I couldn't find any instructions for disabling USB networking on Windows or OSX, and even with Linux I'm not sure how you do it without disabling all USB devices.

    44. Re:an attacker has physical access to the machine by Anonymous Coward · · Score: 0

      It has severe consequences for DRM devices with USB ports based on Linux. It allows breaking the products through these specially crafted USB devices.
      Perhaps even with USB OTG you can build these crafted USB devices through software.

    45. Re:an attacker has physical access to the machine by blindseer · · Score: 1

      The claim was that USB has physical vulnerabilities that are not fixable at the driver level. Problems of people inserting storage or network devices can be fixed by disabling or removing drivers for those devices. If access to front ports is a problem then disable the front ports. Disabling front ports can be done at the driver level, or BIOS level, and not just by filling them with glue.

      Perhaps there is a problem where people need ready access to USB storage, so front ports cannot be disabled, AND need to use USB keyboard/mouse since PS/2 ports (or whatever) are not available. This is more difficult to manage but not impossible, I raised this problem myself elsewhere.

      The other claim was that this was not common knowledge, but I'm pretty sure it's common knowledge that USB keyboards exist and drivers for them are standard install on most any operating system.

      If someone wants to claim that it's not common knowledge that keyboard emulators can fit in a device that can be disguised as a flash drive then that might be something that could stand up. But then someone would have to be engineered to plug in a flash drive and for some reason allow the device to "drive" the computer until the payload was delivered. If the person doing this was aware that the device would do this, such as being a party to the crack attempt, then this is still not something unique to USB. Such a person could easily be engineered to plug a device into a PS/2 port. If the crack needed access to files then include a CD-ROM as part of the attack, or floppy disk because now we're going back in time to old school cracks that predate USB. Again such things can be addressed with things like controlling access to storage devices at the driver level.

      I don't see this as something that cannot be fixed at the driver level. Keeping out network and storage devices is trivial at the driver level, just disable the drivers. Keeping out keyboard and mice emulators might be more difficult but then the person with the device must almost certainly be in on the attack, especially if there is a need at any time to enter a password such as changing important settings or installing software. None of this is new or unique to USB. Perhaps USB adds a level of threat by the increased bandwidth but that's like saying broadband internet is a security problem because it's so much faster than a dial-up modem. If you want high speed data for "good" stuff then you get high speed data for "bad" stuff too.

      --
      I am armed because I am free. I am free because I am armed.
    46. Re:an attacker has physical access to the machine by TheRaven64 · · Score: 1

      Are you sure? These vulnerabilities were all found with the same kernel fuzzing tool that, as far as I know, has not been ported to work on other operating systems. It would be great for someone to run the same thing on *BSD and Windows - similar exploits are almost certainly in all systems, the difference is that the Linux ones are now known and fixed.

      --
      I am TheRaven on Soylent News
    47. Re:an attacker has physical access to the machine by Anonymous Coward · · Score: 0

      It's a little more complex than that, no? How often have you plugged a device in somewhere just for power? That transaction should be safe, even if it does give a malicious USB-device physical access to your device.

    48. Re:an attacker has physical access to the machine by AC-x · · Score: 1

      The other claim was that this was not common knowledge, but I'm pretty sure it's common knowledge that USB keyboards exist and drivers for them are standard install on most any operating system.

      That's not the claim being made.

      If someone wants to claim that it's not common knowledge that keyboard emulators can fit in a device that can be disguised as a flash drive then that might be something that could stand up.

      That is the claim, and I would say it's a very safe claim to make.

      But then someone would have to be engineered to plug in a flash drive and for some reason allow the device to "drive" the computer until the payload was delivered. If the person doing this was aware that the device would do this, such as being a party to the crack attempt, then this is still not something unique to USB. Such a person could easily be engineered to plug a device into a PS/2 port.

      I disagree; giving someone files on a USB stick is such a common and natural thing to do that the vast majority of people wouldn't think twice about it. Just leaving one lying around might be enough, and it may be possible to install a hack on a user's own USB stick if you can get brief access to it.

      Giving someone a dongle to plug into a port that they may have never used on their computer (and increasingly isn't even present) would already be more suspicious, and only give you keyboard access with nothing else.

      If the crack needed access to files then include a CD-ROM as part of the attack, or floppy disk because now we're going back in time to old school cracks that predate USB. Again such things can be addressed with things like controlling access to storage devices at the driver level.

      With a USB device you can emulate a keyboard, mouse, multiple storage devices and a network device all on a single stick. It's both a lot more powerful and a lot more discreet.

      I don't see this as something that cannot be fixed at the driver level. Keeping out network and storage devices is trivial at the driver level, just disable the drivers.

      The only one most people don't routinely use is USB networking device, disabling USB storage for most people isn't going to be practical, and disabling USB Keyboard and Mouse drivers is pretty much out of the question these days.

      but then the person with the device must almost certainly be in on the attack,

      Again I disagree, USB sticks are too commonly used.

      especially if there is a need at any time to enter a password such as changing important settings or installing software.

      Passwords should stop it, but there are many things an attacker could do with just user level access with a command prompt, and if they have access to any unpatched privilege escalation bugs then that sidesteps the password issue.

      Yes these USB "vulnerabilities" don't offer anything you technically couldn't do by sitting down in front of the machine with your own keyboard, mouse, network and storage devices, but the unique thing is they can do it much quicker, much more discreetly, and it's much easier to trick someone else into running the exploit for you.
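      Several posters above (AC-x in this reply and earlier, blindseer's "just disable the drivers") argue about whether Linux can refuse a stick's storage or network personality without also losing USB keyboards. The Linux USB core does offer a finer control than blacklisting modules: each device and, since 4.x kernels, each interface has an `authorized` attribute in sysfs, and every root hub has an `interface_authorized_default` that decides whether freshly enumerated interfaces get a driver before an administrator has looked at them. The script below is an added example written for this thread, not code from the kernel or from any project such as USBGuard (which implements this idea properly, with udev integration). The sysfs attribute names (`authorized`, `interface_authorized_default`, `bInterfaceClass`) are real; the allow-list (HID and hubs only) and the fake sysfs tree it is exercised against are this example's own constructions.

```python
# Interface-level USB authorization policy driven from sysfs (added example).
import os
import tempfile

# USB-IF interface class codes, as sysfs prints them (two lowercase hex digits).
HID, CDC_COMM, MASS_STORAGE, HUB, CDC_DATA = "03", "02", "08", "09", "0a"

# Assumed policy for this example: keep input devices and hubs, refuse everything
# else (storage, CDC/RNDIS networking, and any class not listed).
ALLOWED_CLASSES = {HID, HUB}


def _read(path):
    with open(path) as f:
        return f.read().strip()


def _write(path, value):
    with open(path, "w") as f:
        f.write(value)


def apply_usb_policy(sysfs_root="/sys", allowed=ALLOWED_CLASSES):
    """Walk <sysfs_root>/bus/usb/devices and authorize only interfaces whose
    bInterfaceClass is on the allow-list.  Returns {interface_dir: decision}."""
    devices = os.path.join(sysfs_root, "bus", "usb", "devices")
    decisions = {}
    for name in sorted(os.listdir(devices)):
        path = os.path.join(devices, name)
        if name.startswith("usb"):
            # Root hub (usb1, usb2, ...): make newly enumerated interfaces start
            # deauthorized so no driver binds before this policy has run.
            default = os.path.join(path, "interface_authorized_default")
            if os.path.exists(default):
                _write(default, "0")
            continue
        if ":" not in name:          # "1-2" is a device; "1-2:1.0" is an interface
            continue
        cls_file = os.path.join(path, "bInterfaceClass")
        auth_file = os.path.join(path, "authorized")
        if not (os.path.exists(cls_file) and os.path.exists(auth_file)):
            continue
        allow = _read(cls_file).lower() in allowed
        _write(auth_file, "1" if allow else "0")
        decisions[name] = "allow" if allow else "deny"
    return decisions


def build_fake_sysfs(root):
    """Constructed stand-in for /sys: one keyboard, one flash drive, and one
    composite 'stick' that presents HID + storage + CDC network interfaces."""
    layout = {
        "usb1": {"interface_authorized_default": "1"},
        "1-1:1.0": {"bInterfaceClass": HID, "authorized": "1"},           # keyboard
        "1-2:1.0": {"bInterfaceClass": MASS_STORAGE, "authorized": "1"},  # flash drive
        "1-3:1.0": {"bInterfaceClass": HID, "authorized": "1"},           # composite: HID part
        "1-3:1.1": {"bInterfaceClass": MASS_STORAGE, "authorized": "1"},  # composite: storage
        "1-3:1.2": {"bInterfaceClass": CDC_COMM, "authorized": "1"},      # composite: network
        "1-3:1.3": {"bInterfaceClass": CDC_DATA, "authorized": "1"},
    }
    for dirname, attrs in layout.items():
        p = os.path.join(root, "bus", "usb", "devices", dirname)
        os.makedirs(p, exist_ok=True)
        for attr, value in attrs.items():
            _write(os.path.join(p, attr), value + "\n")
    return root


def demo():
    """Run the policy over the constructed tree; return decisions, the resulting
    'authorized' values, and the root hub's new interface default."""
    root = build_fake_sysfs(tempfile.mkdtemp())
    devices = os.path.join(root, "bus", "usb", "devices")
    decisions = apply_usb_policy(root)
    state = {n: _read(os.path.join(devices, n, "authorized")) for n in decisions}
    default = _read(os.path.join(devices, "usb1", "interface_authorized_default"))
    return decisions, state, default


if __name__ == "__main__":
    for name, verdict in demo()[0].items():
        print(f"{name}: {verdict}")
```

On the constructed tree the keyboard and the composite device's HID interface stay authorized while its storage and network interfaces, and the plain flash drive, are deauthorized, so a "stick" that is really a keyboard plus a network adapter keeps only the keyboard role. A one-off sweep like `demo()` races against driver binding; in real deployment `interface_authorized_default` is set to 0 at boot and the per-interface decision is made from a udev rule as each interface appears, which is what USBGuard automates.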

    49. Re:an attacker has physical access to the machine by AmiMoJo · · Score: 1

      you're already pwned

      Not really, especially today when great steps have been made towards creating physical security for computers.

      We have self-encrypting SSDs, and AMD's latest parts support encrypted RAM. The keys are stored in secure enclaves of the CPU, so things like cold boot attacks and removing RAM don't work any more.

      Combine that with a secure OS and secure boot via UEFI and the machine is pretty difficult to p0wn even with physical access. You would need to get to the level of replacing firmware in some critical peripheral, which these days is likely signed code. So while possible it's the kind of thing that only well resourced attackers will be able to do, it protects most people from most attacks and it's only getting better.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    50. Re:an attacker has physical access to the machine by blindseer · · Score: 1

      I disagree; Giving someone files on a USB stick is such a common and natural thing to do that the vast majority of people wouldn't think twice about it. Just leaving one lying around might be enough, and it may be possible to install a hack on a user's own USB stick if you can get brief access to it.

      My comment was that people would have to plug this in, watch the device take over their screen and do nothing about it. That's going to take some crazy planning to distract the person or something, or as I pointed out the person would have to be in on the attack.

      Giving someone a dongle to plug into a port that they may have never used on their computer (and increasingly isn't even present) would already be more suspicious, and only give you keyboard access with nothing else.

      I point out the use of PS/2 and such just to show how old these attacks are. People have been doing this for a long time. The ports people use to plug in their keyboards have changed is all. You want someone to plug in a keylogger on their PC a decade or two ago? It goes like this, "I heard your computer was acting funny. I got you this keyboard noise filter. Just plug it in between the keyboard and the PC on the back and this filter in the middle should stop the crazy keystrokes you've been complaining about." The same applies now with USB.

      With a USB device you can emulate a keyboard, mouse, multiple storage devices and a network device all on a single stick. It's both a lot more powerful and a lot more discreet.

      Fuck being discreet. I got a big old USB drive case around here. I can take out the old drive and fill it with an array of new SSD drives. I hang a couple cords out the back, SATA and USB (for power ;^) ), and take it to the user. I explain I need to run a "diagnostic and backup" and then plug it in. While the little microcontroller in the case is doing its thing with the keyboard emulation, the drive is doing a legitimate backup. I chat while the computer is working and leave with the drive when done. I return later with the data on DVDs, a smaller drive, or in its proper place on the network and check that the customer is happy.

      Barring such a friendly relationship then put the device in a shipping carton, print out a legit looking label from DHL, UPS, Planet Express, or whatever, and drop it off after I get a signature. Along with my oversized "backup drive" (or whatever) is a sheet of instructions to plug into their PC and how to power it up. Depending on what I want it to do I can have them send it back, tell them they "won a prize", or whatever to make it look good. It doesn't have to be an old hard drive case; tell them it's their new modem from their ISP and it's a modified off the shelf modem with a surprise inside to grab traffic. Have it plug in with Ethernet, USB, whatever they have.

      Yes these USB "vulnerabilities" don't offer anything you technically couldn't do by sitting down in front of the machine with your own keyboard, mouse, network and storage devices, but the unique thing is they can do it much quicker, much more discreetly, and it's much easier to trick someone else into running the exploit for you.

      USB adds nothing. This has all been done before. Depending on what you are looking for these same things can be had with a DVD, a modified network device, a printer that you had "sent out for repair".

      People love those BlueTooth wireless speakers that use USB to charge up. Crack one open and you are likely to find more room to play with than a flash drive. Just about anything that would reasonably be charged with USB could make a better device than a flash drive. A novelty hub might be a nice hiding place for stuff. If you are stuck on USB then there's more than just flash drives.

      If we are going back in time then I can give all kinds of examples of this done before. Some much more complex than others, none using USB.

      --
      I am armed because I am free. I am free because I am armed.
    51. Re:an attacker has physical access to the machine by Anonymous Coward · · Score: 0

      It does work there.

      It has worked there for many years.

      Windows doesn't use an IOMMU to protect the system... Or at least hasn't up to now.

    52. Re:an attacker has physical access to the machine by AC-x · · Score: 1

      You're ignoring all the additional scenarios this opens up that wouldn't be possible otherwise -

      Any company that deals with large digital documents where it's normal to receive files on usb sticks / drives.

      Plugging a miniature USB stick into an unattended computer quickly and walking off.

      Giving branded USB sticks away.

      Leaving USB sticks lying around.

      Your examples mostly revolve around already having social engineered a position of trust (if you're already doing maintenance on a user's machine what do you need a special device for?). Devices disguised as regular USB sticks/devices lower the amount of social engineering required considerably. A user might notice a screen flicker up, but it's unlikely they'll see enough to know what was happening before it disappeared, at which point an exploit could already be installed on the machine.

    53. Re:an attacker has physical access to the machine by blindseer · · Score: 1

      You're ignoring all the additional scenarios this opens up that wouldn't be possible otherwise -

      USB adds nothing that an otherwise equivalently capable device could not do with another appropriate port.

      Any company that deals with large digital documents where it's normal to receive files on usb sticks / drives.

      The places I've been it's rare to send data on a flash drive as it does not prevent modification in transit. We use optical discs, CD-R, DVD-R, or BD-R, depending on the size. If the stack of polycarbonate discs starts to look a bit thick then it's sent on a SAS drive in a pelican case. Each end will have the appropriate drive array for the caddy the drive is in. Many files are simply sent over the network through a number of data storage services, if the file cannot simply be e-mailed.

      Plugging a miniature USB stick into an unattended computer quickly and walking off.

      That's frowned upon. Depending on the time and place this is a breach of protocol, merely inconsiderate, and may involve a verbal reprimand. Such drives are to be handed to the person, placed in their mail box, or left with a neighboring coworker.

      Giving branded USB sticks away.

      There's enough distrust that I'm not sure this would go over well. They'd be examined or must come from a trusted party.

      Leaving USB sticks lying around.

      People typically aren't in the mood to plug them into work computers. There's enough lost drives that they are just given to IT to deal with.

      Your examples mostly revolve around already having social engineered a position of trust (if you're already doing maintenance on a user's machine what do you need a special device for?). Devices disguised as regular USB sticks/devices lower the amount of social engineering required considerably. A user might notice a screen flicker up, but it's unlikely they'll see enough to know what was happening before it disappeared, at which point an exploit could already be installed on the machine.

      You are correct, I don't need a special device. I'd want it there so that I'm not leaving so many tracks as group policies or spending so much time at each computer. If I wanted a special device then having something much larger and capable would make installing quicker. Also to point out the lack of a need to be discreet. If I call something a drive then in the minds of everyone that I talk with this thing is a drive. It may in fact be a fully functioning computer capable of running scripts against the PCs, among other things.

      --
      I am armed because I am free. I am free because I am armed.
    54. Re:an attacker has physical access to the machine by Anonymous Coward · · Score: 0

      Allow me to present the USB killer, cousin of the famous etherkiller.

      With access to a USB port (any non-optical port, actually), there is nothing the kernel can do to defend itself.

    55. Re:an attacker has physical access to the machine by Anonymous Coward · · Score: 0

      Please tell me more. I recall a rather problematic security issue with early FireWire implementations that allowed direct access to a computer system's memory.

      That Firewire security issue is called DMA. It's not a bug, it's a feature.

      What USB hardware vulnerabilities do you know about?

      USB killer. It doesn't even need a chip implementing the USB protocol, a bunch of capacitors and a couple of voltage doublers are enough.

    56. Re:an attacker has physical access to the machine by Anonymous Coward · · Score: 0

      Nonsense. These ring 0 USB exploits are the equivalent of Windows AUTORUN.INF viruses. "Here is a doc I wrote. Open it," should always be a safe act.

    57. Re:an attacker has physical access to the machine by Anonymous Coward · · Score: 0

      Meanwhile at Linus tech tips...

      God I hate that fucking moron.

    58. Re:an attacker has physical access to the machine by AC-x · · Score: 1

      USB adds nothing that an otherwise equivalently capable device could not do with another appropriate port.

      No other port has nearly the range of possible attacks or the ubiquity of use as USB.

      The places I've been it's rare to send data on a flash drive as it does not prevent modification in transit. We use optical discs, CD-R, DVD-R, or BD-R, depending on the size. If the stack of polycarbonate discs starts to look a bit thick then it's sent on a SAS drive in a pelican case. Each end will have the appropriate drive array for the caddy the drive is in. Many files are simply sent over the network through a number of data storage services, if the file cannot simply be e-mailed.

      In niche / high security organizations sure, but most companies would be fine to receive files that way.

      That's frowned upon. Depending on the time and place this is a breach of protocol, merely inconsiderate, and may involve a verbal reprimand. Such drives are to be handed to the person, placed in their mail box, or left with a neighboring coworker.

      We're talking about hacking here, not colleagues playing pranks on each other. A disgruntled employee or even guest of the building could slip a small USB stick into a computer much more discreetly than even hooking a (much more limited capability) PS2 keylogger onto a system and easily go unnoticed.

      There's enough distrust that I'm not sure this would go over well. They'd be examined or must come from a trusted party.

      Yeah you can tell employees not to bring USB drives in from outside all you like, but unless you work in a niche high security organization where everyone is savvy enough or the building is locked down enough, you know it's going to happen.

      I mean, I worked for a web company and when we had an agency security audit us there were still a few members of staff who fell for the obvious phishing email they sent and entered their domain credentials.

      People typically aren't in the mood to plug them into work computers. There's enough lost drives that they are just given to IT to deal with.

      As above, there's still a good chance someone will get caught out by it.

      You are correct, I don't need a special device. I'd want it there so that I'm not leaving so many tracks as group policies or spending so much time at each computer. If I wanted a special device then having something much larger and capable would make installing quicker. Also to point out the lack of a need to be discreet. If I call something a drive then in the minds of everyone that I talk with this thing is a drive.

      You're still only covering having overt physical access to machines. The above examples cover more possible scenarios.

      It may in fact be a fully functioning computer capable of running scripts against the PCs, among other things.

      You can buy a programmable USB dev board in stick form factor with a 180 MHz ARM CPU and multi-gigabyte microSD storage for $30, it is 2017 after all :)

    59. Re:an attacker has physical access to the machine by blindseer · · Score: 1

      No other port has nearly the range of possible attacks or the ubiquity of use as USB.

      That's just like saying every house has a front door therefore they are vulnerable. There's nothing inherently insecure about USB that previously common ports did not have.

      USB combining keyboard/mouse with storage and network adds nothing or very little. The ubiquity of floppy and optical drives meant any storage based attack is no different than a flash drive attack, except maybe the speed and size, but then computers have always been getting smaller and faster. A keyboard emulator attack requires someone to be in on the attack or have a mental incapacity (being a child, being drunk, etc.) such that they will not think their mouse pointer moving about and words getting typed without them is odd. The network attacks are interesting but that requires a more complex device, greater skill, and still someone in on the attack at the computer or a person running the computer not being aware of some odd behavior.

      You can buy a programmable USB dev board in stick form factor with a 180 MHz ARM CPU and multi-gigabyte microSD storage for $30, it is 2017 after all :)

      That's fine but all you are saying is that computers have got smaller and faster. Many of these same attacks can be done with a cell phone, laptop, or just a cheap flash card loaded with the right files. Many of these things can be had for $30 or less, and are just as inconspicuous.

      I think people are making a mountain out of a mole hill. There is nothing new here. What these attacks largely rely on is "plug-n-play", where a device plugged in has its drivers loaded automatically and is allowed to send and receive data. This is not new and if someone is concerned about this then the drivers posing the threat can be disabled.

      --
      I am armed because I am free. I am free because I am armed.
    60. Re: an attacker has physical access to the machine by AC-x · · Score: 1

      You're still completely missing the point of this -

      A malicious USB device can bypass restrictions on autorun by using keyboard shortcuts to execute commands (e.g. via win-r) that a storage-only attack can't.

      A malicious USB device can execute an attack too quickly to stop, and possibly before the user has even looked up at the screen again.

      Computers can't realistically have their usb keyboard and mouse drivers disabled.

      It's not making a mountain out of a mole hill, it's noting an interesting attack vector that the ubiquity and multi-function nature of USB makes possible.

    61. Re:an attacker has physical access to the machine by Anonymous Coward · · Score: 0

      I own 5 flash drives, and I don't take them to the street. Nor do I put executables on them other than certified sha256sum ISOs.

      I keep the house locked at night. So, to get a security breach, you have to break in, then you have to power up my system.

    62. Re: an attacker has physical access to the machine by blindseer · · Score: 1

      It's not making a mountain out of a mole hill, it's noting an interesting attack vector that the ubiquity and multi-function nature of USB makes possible.

      You are about 15 years too late. This is not interesting now. USB came out over 20 years ago, and has been quite common since the early days of Windows XP and Mac OS X 15 years ago. If this was any real effective attack vector then maybe someone would have done more than just some interesting demonstrations with a $30 embedded computer. Sure, lots of things are possible if someone throws enough time and effort behind it. If this has somehow escaped into the wild then maybe it can be "interesting".

      Very similar attacks have been possible for an even longer period of time using other ports with similar ubiquity then as USB has now. USB may have made the complexity or ease of these attacks greater but, again, THAT WAS T_W_E_N_T_Y Y_E_A_R_S AGO!!!

      --
      I am armed because I am free. I am free because I am armed.
    63. Re: an attacker has physical access to the machine by AC-x · · Score: 1

      Well that's a really silly thing to say, isn't it? That there hasn't been any known attacks, but now cheap powerful USB dev boards are available and people are releasing proof of concept code, there still won't be any attacks? Dear me, next you'll be saying the KRACK attack is nothing because it's been sitting in plain sight in the WPA2 spec for 10 years!

    64. Re: an attacker has physical access to the machine by blindseer · · Score: 1

      I didn't say there won't be any attacks, I said that there are no reports of this style of attack being successful against anyone, therefore this threat is merely theoretical. If this moves out of theory into practice then we might have something "interesting". Since this has remained theoretical for 20 years then my expectations of such a thing happening anytime soon are quite low.

      Maybe someone could find these hacks useful for something that doesn't involve breaking into another computer. I have some ideas on uses but we've already carried this on long enough. Non-nefarious uses of this would be "interesting" too. Maybe people should be working on that instead of how it can be used to steal data or cause vandalism.

      --
      I am armed because I am free. I am free because I am armed.
    65. Re: an attacker has physical access to the machine by AC-x · · Score: 1

      I mean, it is more than theoretical now though as there is readily available hardware and several working proof of concepts. Certainly one to keep an eye on.

  2. Linux kernel USB drivers by Archangel+Michael · · Score: 2, Interesting

    I think I found the problem. Kernel space drivers are always prone to these kinds of problems. This is not new.

    The depth of the problem is newish, but only because someone peeked in and saw flaws.

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    1. Re:Linux kernel USB drivers by Anonymous Coward · · Score: 1

      That's why we have https://www.kernel.org/doc/Documentation/usb/authorization.txt

      Now, that it is not used is a whole different matter.

    2. Re:Linux kernel USB drivers by Anonymous Coward · · Score: 0

      Well, that's not much of a surprise given that practically every USB device under Linux requires root to access by default. Nine times out of ten, when you have a USB device issue in Linux it's because some maintainer didn't set the permissions / ownership bits correctly in udev's rules. Or you're using domain logon and therefore pam_group can't grant you membership to plugdev. Worse still is the "solution" that gets spread around constantly on various forums, which is "make the USB device node world readable / writable / executable."

      Given that USB is hotpluggable, you would think Linux would have a better security model for it other than "run as root in the kernel, like we're the old Windows DM." As it is, libusb (the most commonly used library) requires root just to connect to it. It runs with whatever permissions the caller has, and most programs that use it proudly proclaim to "run as root" when using them. If it made any attempt whatsoever at creating some security daemon or something to remove the device permission requirements from the calling program, you'd have a much smaller attack surface.

      Not saying that in-kernel drivers aren't an issue, but the userland isn't any better.

    3. Re:Linux kernel USB drivers by Anonymous Coward · · Score: 0

      Kernel Space drivers

      The open source knock-off of Kerbal Space Program?

    4. Re:Linux kernel USB drivers by Anonymous Coward · · Score: 0

      Did you submit a bug report? Is there anything we can do in the meantime to help?

    5. Re:Linux kernel USB drivers by Anonymous Coward · · Score: 0

      Kernel space driver issues aside, how much of this issue is borne out of udev, systemd and others... from the distro side of the equation, pushing to have 'auto-mounting' as the norm out the gate?

      I agree, this REALLY needs some eyes and thought to be fixed kernel side; however, to make Linux more 'user friendly', just like Windows and OSX, they've opened themselves up to asinine security policies to provide 'Linux on the Desktop'.

      If you run Linux, and honestly can take the time to enter a VERY simple command at shell, or 'click' within a UI screen, to mount a new device... rather than throw caution to the wind, my empathy will be lacking.

  3. Physical access by Anonymous Coward · · Score: 0

    Attacker with physical access owns local machine. Film at 11.

    1. Re:Physical access by phantomfive · · Score: 2, Informative

      USB has a problem. Even if the kernel is 100% secure, you can use the USB standard to hack devices. This is why secure environments put glue in their USB ports.

      --
      "First they came for the slanderers and i said nothing."
    2. Re:Physical access by mark-t · · Score: 1

      I would think that secure environments would keep the case of a computer behind a locked panel, and not generally allow physical access to it at all. This also has the bonus of being a much more reversible state if or when authorized system administrators need to actually use the port for some purpose.

    3. Re:Physical access by coolsnowmen · · Score: 2

      Secure environments do all that and more: 1) reduce physical access, 2) in software blacklist the entire USB chain with the exception of keyboard/mouse. This means no driver will even be loaded no matter what you put in...
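      One way to implement the allowlisting this comment describes, using the sysfs interface that the authorization.txt link in the "Linux kernel USB drivers" thread above documents, as an added example that is not code from the thread or from the kernel project. It relies on the attributes that document describes (authorized_default on each root hub, and authorized, idVendor and idProduct on each device); the allowlisted IDs, the SYSFS_USB override and the --apply flag are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the thread or the kernel docs): a default-deny USB
# allowlist built on the sysfs authorization interface described in
# Documentation/usb/authorization.txt. An unauthorized device is enumerated
# (its idVendor/idProduct are readable) but never configured, so no driver is
# bound to it; anything not on the list stays inert until someone authorizes it.
#
# Run as root on a real host:  ./usb-allowlist.sh --apply
# SYSFS_USB can be pointed at a constructed fake tree for dry runs and tests.

SYSFS_USB="${SYSFS_USB:-/sys/bus/usb/devices}"

# Constructed allowlist (placeholder IDs, not taken from the page): the
# vendor:product pairs of the keyboard and mouse that are allowed to work.
# Put your own keyboard here first, or --apply will deauthorize it.
ALLOWED_IDS="${ALLOWED_IDS:-046d:c31c 046d:c077}"

# Set authorized_default=0 on every root hub so that devices attached from now
# on start out unauthorized. Prints the number of hubs changed.
usb_set_default_deny() {
  local hub n=0
  for hub in "$SYSFS_USB"/usb*/; do
    [ -f "$hub/authorized_default" ] || continue
    printf '0\n' > "$hub/authorized_default"
    n=$((n + 1))
  done
  echo "$n"
}

# Returns 0 if the device directory $1 reports an allowlisted vendor:product.
# These IDs come from the device's own descriptor, so this is a policy control
# against unexpected device types, not authentication of the device.
usb_device_allowed() {
  local dev="$1" vid pid id
  vid=$(cat "$dev/idVendor" 2>/dev/null) || return 1
  pid=$(cat "$dev/idProduct" 2>/dev/null) || return 1
  for id in $ALLOWED_IDS; do
    [ "$id" = "$vid:$pid" ] && return 0
  done
  return 1
}

# Walk the device directories (names like 1-2 or 1-2.3; interface directories
# such as 1-2:1.0 are skipped) and write the decision into each device's
# "authorized" attribute. Prints "allow NAME" or "deny NAME" per device so the
# outcome can be logged.
usb_apply_policy() {
  local dev name
  for dev in "$SYSFS_USB"/[0-9]*-*; do
    [ -d "$dev" ] || continue
    name="${dev##*/}"
    case "$name" in *:*) continue ;; esac
    [ -f "$dev/authorized" ] || continue
    if usb_device_allowed "$dev"; then
      printf '1\n' > "$dev/authorized"
      echo "allow $name"
    else
      printf '0\n' > "$dev/authorized"
      echo "deny $name"
    fi
  done
}

# Only touch the system when explicitly asked; sourcing the file just defines
# the functions.
if [ "${1:-}" = "--apply" ]; then
  usb_set_default_deny > /dev/null
  usb_apply_policy
fi
```

      Because a device reports its own vendor and product IDs, a device that copies the IDs of an allowlisted keyboard passes this check; the control keeps unexpected device types from ever getting a driver, it does not prove what the device is.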

    4. Re:Physical access by viperidaenz · · Score: 1

      Pretty much everything on that website is a USB keyboard. Doesn't work if the PC you plug it into is locked or not logged in. You may as well use the keyboard that's already plugged in.

    5. Re:Physical access by phantomfive · · Score: 1

      Screen locked? Not a problem!

      --
      "First they came for the slanderers and i said nothing."
    6. Re: Physical access by CustomBuild · · Score: 1

      Idiot who mistakes all physical access as equitable, news at 11:15!

    7. Re:Physical access by Anonymous Coward · · Score: 0

      You may as well use the keyboard that's already plugged in.

      That's not discreet. The point is to create a device that emulates a usb keyboard which can be automated to inject commands into the system. Preferably one that is small enough to be mistaken for a thumbdrive or a usb wireless dongle at a distance, so that the attacker has longer to pull off their attack before being detected. Typically these devices also emulate a usb hub to allow for payload storage, help chain the primary or other exploits (see also the PSgroove for the PS3), or to exfiltrate data.

    8. Re:Physical access by lamber45 · · Score: 1

      Different OS. If you're using "cifsmount" for /home/ user or something similar you might be vulnerable. If the lock-screen gets you to a desktop that can only run SSH, VNC over SSH, or a locked-down HTTPS-only browser, not so much. Then again, the attack described in that article isn't just a USB thing... someone could probably build a male RJ45 dongle that runs the same attack.

    9. Re:Physical access by mark-t · · Score: 1

      If you've already blockaded all physical access to the ports by putting the physical computer behind either a locked panel or door, then policy 2 is superfluous, and only liable to inconvenience people who would otherwise be legitimately authorized to make changes to the system's configuration, and although reversible, is subjectively not significantly better than the aforementioned suggestion of blocking up the ports with glue.

    10. Re:Physical access by blindseer · · Score: 1

      Three of those "hacks" are just devices that emulate keyboards, that's not unique to USB since something that can emulate PS/2 could do the same. The ability to have storage as part of the USB device does add some capability since files can be copied over but if there is internet access then files can be downloaded. Without internet access and sufficient time at the computer a keyboard emulator (PS/2, ADB, whatever) could input executable scripts or even enter and compile code. This is nothing a person could not do with enough time at a computer manually if they simply memorize enough stuff, and no incriminating USB devices for someone to find. All of these attacks require having a password, or finding an unlocked screen.

      One "hack" is also not unique to USB as it takes power from the port to charge a capacitor to zap the port with a higher voltage. USB may have more voltage and/or power to draw from making this kind of an attack more effective but even a VGA port or Ethernet port would be vulnerable. Having access to a battery of some sort can do damage too, as could just wiring any computer data port to a 120 VAC wall plug.

      One "hack" is described as a "password stealer" and lacks much for a description, and the link it provides is dead. Best I can gather it's just a keylogger, which is not something that is unique to USB.

      One "hack" doesn't even plug into USB to work so I'm not even sure why it's on this list. Sure, it's disguised as a USB power brick but it could have been disguised as just about anything that plugs into a wall outlet. It picks up RF from a common USB wireless keyboard, which I guess is another possible connection to being a "USB hack" but then this would apply to any wireless device that could carry sensitive data.

      All in all none of this is unique to USB.

      --
      I am armed because I am free. I am free because I am armed.
    11. Re:Physical access by blindseer · · Score: 1

      That's not discreet. The point is to create a device that emulates a usb keyboard which can be automated to inject commands into the system.

      This is not unique to USB, any port that allows the connection of a keyboard (PS/2, ADB, whatever) will allow someone to inject commands into a computer at a speed faster than people can type.

      If there is a need to keep it discreet then hide it in something that's common to an office environment, like a hollowed out highlighter or dry erase marker. Why not just hide the device in an actual keyboard? Most keyboards I've seen have a hollowed out back, room enough for plenty of circuitry. Even better if the keyboard brought in is one of those fancy ergonomic types as it gives an excuse to bring in your own keyboard ("Oh, this? It's for my carpal tunnel problem.") and can give even more room than a typical keyboard supplied with a PC. These things can be hidden in a mouse (also makes sense for personal preference and being plugged in), a laser pointer (bonus if it's the kind that recharges from USB), a case for eyeglasses, a calculator (a bonus as it provides some input and output if all the electronics are replaced), put it in a pill bottle (bonus as medications have social norms and legal protections against being messed with), and so on.

      If someone is discovered at a computer they are not supposed to be using, and the screen has windows popping open and text being blasted into them, then there is nothing "discreet" about hiding the device as a flash drive. If the device needs to be left at the computer so the payload can be delivered later then hide the thing as just about any USB device, such as a mouse, keyboard, hub, or DVD drive. A flash drive left in a computer might lead someone to take it out and try to find the owner that forgot it. A hub or mouse plugged in will likely be left alone.

      --
      I am armed because I am free. I am free because I am armed.
    12. Re:Physical access by Anonymous Coward · · Score: 0

      USB, unlike PS/2, is used to transfer files between computers. So the act of plugging in a foreign USB stick or any USB device is a very normal thing to do, and it's the legitimate user of the machine doing it, not the hacker. Meanwhile plugging in a foreign PS/2 device has never been a thing, so it would be a rather weird and suspicious thing to do. Furthermore a USB device doesn't leave any easily discoverable evidence; there are so many different brands and shapes of USB sticks that you would have a very hard time telling a fake one from a real one, even when you crack it open. Even when you try to get at its software, you might be unable to find any trace of it, as the software on the USB stick that did the hacking can just delete itself after it has done its job.

      A flash drive left in a computer might lead someone to take it out and try to find the owner that forgot it. A hub or mouse plugged in will likely be left alone.

      Guess how they would try to find who left it? They'd plug it into their PC and browse through the files so that they might find the name of the owner. If you just randomly scatter a few USB sticks in the wild some of them will find their way into a USB port.

      then there is nothing "discreet" about hiding the device as a flash drive.

      They are not hiding the device as a flash drive, the device *is* a flash drive. It works exactly as expected when you plug it in. It's also a mouse/keyboard emulator in the background, but the user doesn't easily notice that.

    13. Re:Physical access by pacman+on+prozac · · Score: 1

      I don't know why you got modded as flamebait because this is spot on. There are other mitigations to reduce the USB risk which are appropriate in most cases as it's not usually feasible to block the ports but some risk remains. Ultimately most environments need USB keyboards & mice so if your badUSB device emulates an HP or IBM keyboard then it's likely to get through any USB device control in place.

      There are lots of environments where the biggest threat comes from the people who have physical access.

    14. Re:Physical access by blindseer · · Score: 1

      It's also a mouse/keyboard emulator in the background, but the user doesn't easily notice that.

      That's just crazy talk. People will notice their mouse pointer moving and things getting typed.

      Meanwhile plugging in a foreign PS/2 device has never been a thing, so it would be a rather weird and suspicious thing to do.

      People have been plugging in crazy and "suspicious" things all the time. A PS/2 keylogger would be only a short cable with a "ferrite choke" in the middle (which actually contained the electronics) and installed as a "noise filter". In reality it transmitted every keystroke to anyone with the right kind of receiver. The fancier ones had two-way action. A storage device, from floppies to CD-Rs to Zip cartridges, could be left lying around waiting to install software keyloggers, network diversion scripts, or whatever.

      Nothing's changed really. Computers got smaller, cheaper, faster, that's all. This made the population of people that could afford these attack devices larger, as well as the population of victims. USB getting adopted widely on MacOS, Windows, and Linux means a single device can attack them all.

      They are not hiding the device as a flash drive, the device *is* a flash drive. It works exactly as expected when you plug it in. It's also a mouse/keyboard emulator in the background, but the user doesn't easily notice that.

      People will have something that *IS* what it claims to be, but also grab data as it goes by. This might be a large old looking modem that was hollowed out and the insides replaced with a newer modem and a device to store everything that comes and goes. An enterprise level switch or router could be compromised to divert certain kinds of traffic. Those with more money could buy a PCMCIA card with a programmable FPGA in it that could emulate flash storage while also giving access to the computer bus to do just about anything they could think of and fit on that card. A FireWire "hard drive" could actually be a fully functional computer; plug that in and someone could have access to the main computer memory.

      It all depended on the amount of effort someone was willing to put into the attack. Simple ones were pretty basic viruses people could construct using scripts. Put it on a floppy disk and drop it in a hallway. CD-Rs, when they came out, made this easier as it enabled hidden tracks, boot files, drivers, and just more space for a payload, as well as being more durable so as to survive being dropped where someone might just as easily step on it as pick it up, or be left in the rain for a bit. Keyloggers and traffic sniffers cost some money. The real pricey stuff, like the FPGA in a PCMCIA card, or a computer in an external drive case, was very expensive. These were custom or semi-custom devices.

      Nothing new here. Even the driver security stuff isn't new. Malware drivers were seemingly always a thing, as were security holes in the drivers included in the OS. It's been long enough now that a lot of specifics escape me.

      --
      I am armed because I am free. I am free because I am armed.
  4. The fact is USB is inherently vulnerable by Anonymous Coward · · Score: 2, Interesting

    Linux drivers can mitigate that but they will never stop the problems in the USB spec.

  5. And here is why kernel-embedded stuff is stupid by Khyber · · Score: 0, Troll

    Vulnerabilities present and reported in the kernel-based DRIVER FOR A TOY since *2003* and still not fucking fixed.

    The kernel should do nothing more than act as a basic bit router.

    Most other OSes get this right. Why can't Linus in his infinite wisdom do the same?

    Oh, right, his inability to be fucking wrong.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    1. Re:And here is why kernel-embedded stuff is stupid by phantomfive · · Score: 1

      Vulnerabilities present and reported in the kernel-based DRIVER FOR A TOY since *2003*

      What are you talking about?

      --
      "First they came for the slanderers and i said nothing."
    2. Re:And here is why kernel-embedded stuff is stupid by Anonymous Coward · · Score: 0

      Most other OSes get this right. Why can't Linus in his infinite wisdom do the same?

      Dude... Man... If you really think Windows and Mac OS have this 100% right, you are as foolish as your critique of Linus.

      You give me the ability to physically access your computer, I'm pretty sure I can launch a DoS attack on it by just plugging in a USB device. No, it doesn't matter what OS you have.

    3. Re:And here is why kernel-embedded stuff is stupid by Anonymous Coward · · Score: 1, Insightful

      Why can't Linus in his infinite wisdom do the same?

      If Linux was a microkernel architecture kernel, it would be safer, but slower by about 20%. So the reason is speed.

    4. Re:And here is why kernel-embedded stuff is stupid by Anonymous Coward · · Score: 0

      Why can't Linus in his infinite wisdom do the same?

      If Linux was a microkernel architecture kernel, it would be safer, but slower by about 20%. So the reason is speed.

      Bullshit. USB devices are very low bandwidth. Plan9 has a userspace USB stack, and I don't see it being 20% slower. In fact I'd hazard a guess that the simplicity of the USB interface on Plan9 and not needing to negotiate Linux' complex tree of kernel locks actually makes the drivers here more efficient than Linux.

      I run the Linux UVC drivers on FreeBSD in userspace (webcamd) and I don't notice any "slower by about 20%" overhead.

    5. Re:And here is why kernel-embedded stuff is stupid by Anonymous Coward · · Score: 0

      That's the problem with Windows.

      It is a toy... and just can't do security right without also requiring the system to be disconnected from the net, with removable devices disabled.

      Hasn't had decent security since the brief existence of NT 3.5... which only barely passed C2 tests with the network and removable devices disabled.

      "Most other OSes get this right"... well, maybe BSD. And since Apple has been removing usb devices, them too.

      Windows? nope.

    6. Re:And here is why kernel-embedded stuff is stupid by Anonymous Coward · · Score: 0

      Since when have USB devices been low bandwidth?

      Up to 20 GBit.

      What "complex tree of kernel locks" are you talking about?

  6. Can't believe I'm saying it but... apk by Anonymous Coward · · Score: 0

    See subject: Khyber, when you're RIGHT? You're right but with problems too see below. Monolithic design = dumb vs. modified hybrid micro/monolithic kernel designs (w/ drivers for hardware vs. internal to OS core type) yes, like Windows NT based OS are (a hybridized kernel design between BOTH models).

    * You do "monolithic"? Well - THIS is EXACTLY what can "go wrong" (or rather need a fix) but it gets more complicated when it's embedded in an ENTIRE KERNEL vs. a driver file instead (smaller by FAR & usually pretty small code vs. usermode apps).

    HOWEVER:

    You're describing & leaning toward PURE MICROKERNEL design though (has problems too, messagepassing overheads between RPL0/Ring 0 kernelmode & OTHER layers (usually RPL3/Ring 3 in current OS design typically)).

    Seriously though? Go easy man - you'll POP getting so "tight" about this - @ least they KNOW about it now & can fix it (look @ the 'bright side').

    APK

    P.S.=> Anyhow, see subject = For once, I am with you & this article proves a lot of it for you... apk

    1. Re:Can't believe I'm saying it but... apk by Anonymous Coward · · Score: 1

      The first mistake. Having an operating system.

    2. Re: Can't believe I'm saying it but... apk by Brockmire · · Score: 1

      Stop fucking telling people to "see subject". Everyone else is a better reader/writer than you and you are the last fucking person in the world that should be telling people how to read. Learn to write a fucking post. FFS.

    3. Re:Can't believe I'm saying it but... apk by Anonymous Coward · · Score: 0

      APK, no joke, thanks for making a positive contribution to the forum, it's really nice to see.

  7. Seems like a good thing! by DarkOx · · Score: 3, Informative

    Servers in locked data centers - safe
    PCs in locked offices / homes - safe
    Laptops - safe if you shut it down and have a BIOS password to enable boot, probably safe with encrypted root fs, provided machine is shutdown to begin with.
    Laptop in your own hands - safe

    Now all those consumer devices that the manufacturer won't let you have access to, ROOTED!

    This is a win.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    1. Re:Seems like a good thing! by Anonymous Coward · · Score: 0

      This just in: earlier this year it was discovered that Intel IME grants full remote access to computers if the attacker tries to connect using a blank username and password. Naturally, this works even when the computer is switched off (because part of IME's intention is to allow computers to be switched on remotely).

    2. Re:Seems like a good thing! by Anonymous Coward · · Score: 0

      Laptops - safe if you shut it down and have bios password to enable boot, probably safe with encrypted root fs,

      Nah, that just means the adversary needs physical access twice instead of once. First time to install the hardware keystroke logger.

    3. Re:Seems like a good thing! by Anonymous Coward · · Score: 0

      Desktops running Fedora 26/27 with latest updates - safe, all Fedora systems run last release kernels, all the listed flaws are in recent 4.13/4.12 kernels but not in the one current on fed26. Fedora always runs cutting edge kernels.

    4. Re:Seems like a good thing! by complete+loony · · Score: 1

      And don't plug in that USB key you found in the parking lot... Though usually I would trust a Linux machine for examining an unknown USB device. Certainly more than I would trust a Windows box. So this is a little troubling.

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
    5. Re:Seems like a good thing! by Wolfrider · · Score: 1

      --Anymore, one of the only devices you can "trust" plugging a random USB device into would be a Raspberry Pi. Cheap and disposable if necessary; you can run ClamAV tests from there, and see if it lets out the magic smoke.

      --
      .
      == WolfriderV6 == I'm willing to admit that *I just might* be wrong... Are you??
  8. You see! by Anonymous Coward · · Score: 0

    They never shoulf haz kiked me off of vger.kernel.org. I could help get them a code and help them more I bet while I'm trying to help.

    Nick Krause

  9. Pretty Standard by Anonymous Coward · · Score: 0

    The same applies to all devices that have loadable firmware. Just you do not hear as much about malicious SATA drives, malicious MODEMS, and malicious monitors.

    However, they can all do exactly the same thing.

  10. Exactamundo & "great minds think alike"... apk by Anonymous Coward · · Score: 0

    He'd like MACH purer 'microkernel' design but it has the downside YOU & I noted (messagepassing) https://linux.slashdot.org/comments.pl?sid=11332813&cid=55515443/

    * Too bad too - in theory, microkernel design IS more secure & easier to maintain I'd say (separated driver files AND rings of privilege) but has messagepass overheads between priv rings.

    APK

    P.S.=> I'd say it's slower than 20% though... apk

  11. Sandbox by goombah99 · · Score: 2

    I'm assuming these things happen because the USB device drivers load microcode from the USB device? If so why can't these things be sandboxed-- no reason to give them file access or network access or even much memory. If it's a matter of top line speed then let the user decide-- sandbox by default and let the user have a switched labeled "open your mouth and close your eyes-- give me a tiny bit more speede in return for butt neckid security."

    --
    Some drink at the fountain of knowledge. Others just gargle.
    1. Re:Sandbox by Anonymous Coward · · Score: 0

      so the attacker will choose for "speed in exchange of security" when plugging in his/her "USB tools"?

    2. Re:Sandbox by Anonymous Coward · · Score: 0

      I'm assuming these things happen because the USB device drivers load microcode from the USB device?

      Um, no. If anything you've got it ass-backwards. Some USB drivers have firmware blobs that they push to their related USB devices to bootstrap them.

      The issues found amount to DoS by not responding to host requests in a timely fashion and/or run-of-the-mill buffer overrun exploits delivered in device responses.

    3. Re:Sandbox by Ungrounded+Lightning · · Score: 1

      I'm assuming these things happen because the USB device drivers load microcode from the USB device?

      No.

      The tool referred to does "fuzzing". That means it talks the protocol, but tries a variety of minor corruptions to the packets it sends, to see if any of them exercise a bug in the drivers on the other end of the wire.

      So any bugs found are in the driver and related to defective error-checking on incoming messages, not to hypothetical code loaded from the USB peripheral.

      (Granted, if some driver DID do something as hazardous as loading and running, in kernel context, code from the peripheral, fuzzing THAT, introducing bugs into it, would be fair game.)

      --
      Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    4. Re:Sandbox by Darinbob · · Score: 1

      No microcode. However there's an enumeration process that involves reading data from the device. I.e., you can try to override some internal buffers of the buggy driver by claiming to have longer descriptors than it has room for.

    5. Re:Sandbox by AmiMoJo · · Score: 1

      I don't know of any USB device drivers that load microcode from a USB device. There are plenty that do it the other way around - the USB device is just a bootloader + RAM, with the application code stored in the driver and loaded every time it is plugged in.

      The issue is that the USB device sends device descriptors to the computer that describe what it is and how to talk to it. By looking at that data the OS can decide which driver to assign to it. By sending malformed descriptors you can trigger bugs in the Linux parser, which for some insane reason is running in the kernel.

      Interestingly Windows is immune to this kind of attack because it does all the parsing and runs the USB stack in user space. Only the very low level stuff, the packet handling, runs in the kernel and it is simple and robust enough to avoid these kinds of flaws.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    6. Re:Sandbox by Anonymous Coward · · Score: 0

      Can't believe I had to get 2/3 of the way down the page for a succinct, coherent problem statement. Thanks.

  12. BleepingComputer is garbage by Anonymous Coward · · Score: 0

    The quality of website is inversely proportional to the number of third party scripts, adware, and trackers which it hosts. BleepingComputer is one of the WORST offenders. It is a junk website loaded up with an extra heaping helping of gratuitous scripts. The only thing surprising about BleepingComputer is that they don't use more html "blink" tags.

  13. Upsides to this by Anonymous Coward · · Score: 0

    is that they were discovered precisely because someone could look at the sourcecode. The same vulnerabilities in Windows or Macos would've taken far longer to fix. In addition, bugs like these are often fixed very fast on Linux, but on Windows and Macos it can take months and months, as has been proven before, mainly because somewhere in the chain there is a court order typically from the NSA, in order to make sure there is a "way in" on certain computer systems.

    Bugs occur on all systems, that's the reality, and if anything this should inspire confidence in Linux and how it's developed.

  14. 20% slower? by bobbuck · · Score: 1

    Really? That seems like a lot.

    1. Re:20% slower? by HornWumpus · · Score: 1

      How many context switches to draw a pixel?

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
  15. hashtag whitelists matter by Anonymous Coward · · Score: 0

    It has always been well known best practice to minimize threat surface by minimizing code on a system, including the most obvious of not having code you don't have an intended use for being present. And there have always been a spectrum of devices and use cases where various tradeoff levels between security and convenience were taken.

    That large companies raking in the bucks might have made dubious due diligence in their following of these practices, as well as smaller less/non-profitable software developers overselling the relative security of their products... Yeah, we've known there has been a lot of that for many many years now.

    Post Snowden this counts as little more that typical slashdot hype headlining. (If my didn't bother to read half the summary analysis isn't otherwise flawed). Also, if there is perhaps a less chromatically offensive, but widely enough understood to 'whitelists' i'm all ears. But it boils down to the general best practice of knowing what you intend, and spending as much time as you can justify encoding that that, and only that, is what goes on in the system. hashtag overall system code minimization. keep it (as) simple (as reasonably possible) stupid.

  16. Android by atisss · · Score: 2

    So, i guess it affects android too..

    Oh, i see your phone is low on battery, here - have a charger

    1. Re:Android by dargaud · · Score: 1

      Which is probably why the latest Androids are in charge-only mode when you plug them in. You have to select a menu to activate data exchange (MTP) or other USB modes.

      --
      Non-Linux Penguins ?
  17. Re: an attacker has physical access to the machin by Anonymous Coward · · Score: 0

    If they can tell that the part of the disk is encrypted, it's bad encryption (implementation).

    The whole point of encryption is, that you can't tell what it is. That includes "nothing" and "encrypted data" as choices.

    Yeah, that means everything needed to locate, decrypt, open and mount the encrypted partition, should reside, in a password-protected form, on this USB stick that "happened" to already get destroyed.

    If they lock you up for that, they will lock you up in any case, unrelated to anything you did.

  18. Re: an attacker has physical access to the machin by Brockmire · · Score: 1

    It's the law to inform the people you may have infected them with an STD, no? Otherwise, what kind of asshole are you?

  19. Qubes OS solution: USB VM by Burz · · Score: 0, Redundant

    Authors of Qubes OS have long stated that monolithic kernel crappiness means that Linux, Windows kernels cannot be used effectively for security. The solution is to isolate the risk (large attack surface) they pose using relatively secure type-1 hypervisors. USB and NIC/wifi/bluetooth controllers are compartmentalized in their own virtual machines.

    1. Re:Qubes OS solution: USB VM by SuricouRaven · · Score: 0

      It's a trade. Security vs performance. Always is.

  20. Classic Linux-Head Remark by Anonymous Coward · · Score: 0

    Linux is Safe. There is no USB exploit. Now all you people stop talking right now!

  21. Help! Someone please send help! by Anonymous Coward · · Score: 0

    My penis is stuck in the toaster and it's burning!

    1. Re:Help! Someone please send help! by Anonymous Coward · · Score: 0

      You might try unplugging the toaster.

    2. Re:Help! Someone please send help! by Anonymous Coward · · Score: 1

      You need to eject or safely remove your penis.

  22. sorry not news by Anonymous Coward · · Score: 0

    It's not just USB drivers.

  23. Re: an attacker has physical access to the machin by Anonymous Coward · · Score: 1

    I think you're confusing cryptography and steganography..

  24. Every USB Drive can emulate a keyboard by aberglas · · Score: 1

    So when you plug in a flash drive, you are giving control of your entire computer to it. Every time. Like when your kids give you a USB with something to print from their virus riddled school.

    At least Windows is no longer supposed to automatically execute code it finds on the drive (or CD, if that is what the USB is emulating). But it is *long* overdue that I should be able to plug in a USB drive and still be safe. May need special ports. Or a rule that keyboards are only detected on startup. Etc.

  25. Can we have PS/2 ports back now? by blindseer · · Score: 3, Interesting

    I've worked in secure environments and as someone that has obtained security certifications I see all kinds of problems with USB beyond improperly coded drivers. One common practice not that long ago was to disable any USB ports to stop people from plugging in things they weren't supposed to. This was only possible while PS/2 ports for keyboards and mice were still commonplace. (There was also that short period where some Apple computers had both ADB and USB ports.)

    I like USB-C. It's quite the improvement over what we've had before. I am a bit concerned on how this affects the security of our devices in the future. Controlling things like someone offering a "charger" for a laptop or cell phone to try to sneak into a device can be managed in many ways. Dedicated ports for video, keyboard, mouse, and even Ethernet had inherent security in that they did only so much which prevented certain security issues. Will all these ports go away and be replaced with USB-C?

    Again, I really like USB-C as it adds convenience and capability that nothing else offered before. It also adds security issues that a simple list of "dos and don'ts" cannot cover for many less technically knowledgeable people to follow. Securing computers from many kinds of attacks is going to be an increasingly difficult problem unless we get off this mentality of one port to rule them all.

    Maybe we'll see some means to better secure USB. Maybe we'll see computer systems that will allow one to disable anything that is not a HID or power device from being recognized on USB in the firmware. Maybe OS developers will provide better granularity on what USB ports are allowed to do.

    Maybe we'll get PS/2 ports back again. Probably not. I do think something has to give. If we can't have the inherent security of feature limited ports then we will need some security through better management of the ports that replace them.

    --
    I am armed because I am free. I am free because I am armed.
    1. Re:Can we have PS/2 ports back now? by AmiMoJo · · Score: 1

      PS/2 and USB HID devices are just as much of a security risk, possibly more so. Simply emulate a keyboard and you can type arbitrary commands into the machine. You might even be able to wake it up from sleep mode in the middle of the night.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:Can we have PS/2 ports back now? by coofercat · · Score: 1

      PS/2 is a security risk? Really - I thought it was pretty safe. Sure, you can plug in a keyboard emulator, but you've still got to get past the login screen to do anything. For you to be able to read back the result of your password cracking, you'd have to decode the VGA signal.

      Given the choice between a USB port or a PS/2 + VGA on the back of a server, PS/2 is the more secure choice. What makes most sense on your laptop is up for a bit more debate, but seeing as that has a screen and keyboard already, I'd say neither would be terribly necessary.

  26. Re: an attacker has physical access to the machin by Anonymous Coward · · Score: 0

    Who can ? Affirmative action strikes home maty! You are an HIV+ nibberizing gaffot in California ... blome the job and you can futtbuck any progressive stain. That's Wein...stain ... eh hoser ?

  27. Re: And here is why kernel-embedded stuff is stupi by Anonymous Coward · · Score: 0

    So where's your patch?

  28. Re: an attacker has physical access to the machin by fisted · · Score: 1

    Nope, he isn't.

  29. Re: an attacker has physical access to the machin by Anonymous Coward · · Score: 0

    It is rather simple...

    If a computer has a disk...
    It will either be formatted by the vendor (usually results in known data).
    If it is used - then it will contain data.
    If it is encrypted... then it will still contain data, just randomized by the encryption.

    thus you can determine fairly reliably that it is or is not encrypted...

    And who has a disk connected to a computer that doesn't use it?

  30. USB filtering by Anonymous Coward · · Score: 0

    Where I worked previously the computers had a piece of software that acted as a USB filter: only devices with specific USB IDs would be permitted. So the keyboard would work, the mouse would work, and a specific make and model of USB memory sticks issued by the company would work. Nothing else would even register if you plugged it in.

    That seems like quite a bit of the solution. Of course a sufficiently well motivated attacker could probably find out what kind of USB devices are permitted on your system and produce some custom malhardware that had the right USB ID to get through the filter. But that's expensive. It's not your average hacker kiddy. If your threat model includes threat actors capable of mounting such a complex and bespoke attack against you then your options are significantly different to the average Joe, who doesn't need to be faster than the bear, only faster than the slowest person in the group.
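The two defensive pieces this thread keeps circling back to are the descriptor parser (comments 11.4 and 11.5: a device can claim descriptors longer than the driver has room for) and a default-deny USB ID filter (this comment). The following is an added example, written for this page and not code from the Linux kernel, USBGuard or any product the thread mentions. It walks a configuration descriptor blob with every bLength checked against both the remaining buffer and the descriptor's own minimum size, collects the interface classes, and then evaluates a constructed allowlist that accepts a device only if its VID:PID is listed and every interface it exposes matches the class that entry permits, so a "storage stick" that also enumerates a HID interface is refused. The VID/PID values and descriptor blobs are constructed sample data, not real devices.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* Descriptor type and interface class codes from the USB 2.0 spec. */
#define USB_DT_CONFIG           0x02
#define USB_DT_INTERFACE        0x04
#define USB_CLASS_HID           0x03
#define USB_CLASS_MASS_STORAGE  0x08
#define MAX_IFACES              8

struct parsed_config {
    uint8_t num_ifaces;
    uint8_t iface_class[MAX_IFACES];
};

/* Walk a configuration descriptor. Every bLength is checked against the
 * bytes that remain, and interface descriptors must be at least 9 bytes
 * before bInterfaceClass (offset 5) is read. Returns 0 on success, -1 if
 * the blob is malformed; a malformed blob never causes an out-of-bounds
 * read, which is the property the kernel bugs in the story lacked. */
int parse_config_descriptor(const uint8_t *buf, size_t len, struct parsed_config *out)
{
    memset(out, 0, sizeof(*out));
    if (len < 9 || buf[0] < 9 || buf[1] != USB_DT_CONFIG)
        return -1;
    uint16_t total = (uint16_t)(buf[2] | (buf[3] << 8));   /* wTotalLength */
    if (total < 9 || total > len)                            /* claims more than we got */
        return -1;
    size_t off = buf[0];
    while (off < total) {
        if (total - off < 2)            /* need bLength and bDescriptorType */
            return -1;
        uint8_t blen = buf[off];
        if (blen < 2 || blen > total - off)   /* would run past the buffer */
            return -1;
        if (buf[off + 1] == USB_DT_INTERFACE) {
            if (blen < 9 || out->num_ifaces >= MAX_IFACES)
                return -1;
            out->iface_class[out->num_ifaces++] = buf[off + 5];
        }
        off += blen;
    }
    return 0;
}

/* Constructed allowlist: each entry names the one interface class that
 * device identity may expose. Default policy is deny. */
struct allow_rule { uint16_t vid, pid; uint8_t allowed_class; };
static const struct allow_rule allowlist[] = {
    { 0x1234, 0x5678, USB_CLASS_MASS_STORAGE },   /* issued memory stick (sample) */
    { 0x1234, 0x0001, USB_CLASS_HID },            /* issued keyboard (sample)     */
};

bool device_allowed(uint16_t vid, uint16_t pid, const struct parsed_config *cfg)
{
    for (size_t i = 0; i < sizeof allowlist / sizeof allowlist[0]; i++) {
        if (allowlist[i].vid != vid || allowlist[i].pid != pid)
            continue;
        if (cfg->num_ifaces == 0)
            return false;
        for (uint8_t j = 0; j < cfg->num_ifaces; j++)
            if (cfg->iface_class[j] != allowlist[i].allowed_class)
                return false;            /* extra HID on a "stick": refuse */
        return true;
    }
    return false;                        /* unknown VID:PID: refuse */
}

/* Constructed descriptor blobs (config + interface + endpoints). */
const uint8_t good_stick[] = {
    0x09,0x02,0x20,0x00,0x01,0x01,0x00,0x80,0x32,      /* wTotalLength = 32 */
    0x09,0x04,0x00,0x00,0x02,0x08,0x06,0x50,0x00,      /* mass storage iface */
    0x07,0x05,0x81,0x02,0x40,0x00,0x00,
    0x07,0x05,0x02,0x02,0x40,0x00,0x00 };
const uint8_t two_faced[] = {
    0x09,0x02,0x29,0x00,0x02,0x01,0x00,0x80,0x32,      /* wTotalLength = 41 */
    0x09,0x04,0x00,0x00,0x02,0x08,0x06,0x50,0x00,
    0x07,0x05,0x81,0x02,0x40,0x00,0x00,
    0x07,0x05,0x02,0x02,0x40,0x00,0x00,
    0x09,0x04,0x01,0x00,0x00,0x03,0x01,0x01,0x00 };    /* plus a HID iface */
const uint8_t overlong[] = {
    0x09,0x02,0x12,0x00,0x01,0x01,0x00,0x80,0x32,      /* wTotalLength = 18 */
    0x40,0x04,0x00,0x00,0x02,0x08,0x06,0x50,0x00 };    /* bLength 0x40 > room */

int main(void)
{
    struct parsed_config c;
    printf("good stick:  parse=%d allowed=%d\n", parse_config_descriptor(good_stick, sizeof good_stick, &c), device_allowed(0x1234, 0x5678, &c));
    printf("two-faced:   parse=%d allowed=%d\n", parse_config_descriptor(two_faced, sizeof two_faced, &c), device_allowed(0x1234, 0x5678, &c));
    printf("overlong:    parse=%d\n", parse_config_descriptor(overlong, sizeof overlong, &c));
    return 0;
}
```

The parser is the part that matters for the kernel bugs discussed above: the fix is not cleverness but checking each claimed length before trusting it. The policy half is deliberately narrow, as the comment notes: it stops a cheap rubber-ducky style device, not a bespoke one cloned from an allowed VID:PID, and it says nothing about the driver bugs that a correctly identified device can still reach once admitted.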

  31. Re: an attacker has physical access to the machin by Anonymous Coward · · Score: 0

    Yes, he is. Encrypted data should be indistinguishable from random data.

    An unused drive is not typically filled with random bits. Finding a drive full of random bits is a good indication that it's encrypted.

  32. Impolite to talk w/ your mouth full 'Quagmire' by Anonymous Coward · · Score: 0

    See subject & as you EAT YOUR WORDS brockmire/QUAGmire https://slashdot.org/comments.pl?sid=10557875&cid=54347839/

    * :)

    Tell us - how did EATING YOUR WORDS taste?

    (A bit like YOUR FOOT IN YOUR MOUTH ramming your empty trolling words back down your chicken-neck throat washed down by the 'bitter taste of your SELF-defeat vs. myself, as always, lol...)

    APK

    P.S.=> Lastly -get this straight: You don't give me orders BOY - get over yourself psychopath - you don't "run me", get it? Good (but I run your ass off easily, every SINGLE time, lmao - easily)... apk

  33. I endeavor to do so everyday, but... apk by Anonymous Coward · · Score: 0

    See subject: It's moot when YOUR HOST DELETES MY POSTS as he has again here https://tech.slashdot.org/comments.pl?sid=11332773&cid=55516015/, here https://tech.slashdot.org/comments.pl?sid=11332773&threshold=-1&commentsort=0&mode=thread&pid=55515797/ & here today https://tech.slashdot.org/comments.pl?sid=11332773&cid=55515877/

    * NOT A FIRST... want more?

    APK

    P.S.=> Incredible - want to KNOW when you are winning debates? When not only BOGUS unjustifiable downmods are used (I blow by those via unlimited posting ability) but WHEN YOUR POSTS ARE DELETED & yet not defeated by VALID technical fact (Fuck truth: It's relative, facts, are not)... apk

  34. Wasn't it written by that geek gurl? by Anonymous Coward · · Score: 0

    Was the USB stuff not written by that nice geek gurl that got so upset that she left after she had to listen to Mr L's abrasive rants? Ducks-n-go-hides.

  35. Filter USB? by Herve5 · · Score: 1

    With a dongle : http://hexus.net/tech/news/per...
    With some Linux 'firewalls' : USBGuard, https://github.com/dkopecek/us... , USBauth, https://github.com/kochstefan/...
    Nice paper on LWN, that's still paying this week but will become free after 8 days as usual : https://lwn.net/Articles/73830...
    HTH,
    Hervé

    BTW : anyone in region 06 in France wishing to share shipping costs for the dongle?

    --
    Herve S.
  36. Re: an attacker has physical access to the machin by fisted · · Score: 1

    One solution to that problem is to completely (first to last sector) overwrite the disk with random data, then create a partition table and a legitimate filesystem on top of that, add some legitimate files, map the sectors that constitute free space of that filesystem to a logical contiguous block device, create crypto container on top of that, create filesystem on top of that, mount, enjoy.

  37. Re: an attacker has physical access to the machin by fisted · · Score: 1

    A stack of hard disks sitting next to my computer and containing a total of around 8 TB actual pseudorandom data beg to differ. Also every hard drive that was bought used and sold by someone with a little knowledge.