Security Basics mailing list archives

uniquely identifying USB device


From: Bartosz Trybus <bartryb () gmail com>
Date: Tue, 10 Apr 2012 19:49:19 +0200

It's very easy to emulate any USB stick - to be seen in the system as a
pendrive, keydrive and so on.
As for emulating the vendor, model number and serial number values, the
answer is layer drivers.


Of course it's impossible with quite advanced hardcore knowledge of the Windows
device tree representation, and of what Windows' interpretation looks like
for every device in the system, but the level of programming needed for doing
something like this is IMHO basic+ in C++.


Using a USB stick as a key code isn't as good a way of protecting software as
one can think it is, because there is always a way to crack it by emulating the
stick or by cracking the program itself. Give me your application, OllyDbg and
a 6-pack of taurine-containing energy drink and it will be cracked.


If you want to base security on a keycard or key-stick, you have to be sure
that the system that will be launching the verification application/procedure
is secure - if it is, all key verification could be successfully implemented
in the company. But if there is a possibility that at least one PC could be
compromised, or that it is possible to launch on it an application that hasn't
been allowed by (I don't know, a security administrator) or a person whose duty
is to monitor (accept/deny) application launching (based on CRC or MD5 or many,
many more), in such an unsecured environment there's no problem at all in
emulating a USB identification device.


A nice idea is for you to make one central computer, with the rest of the PCs
being only (for example) XP thin clients; in such a situation only the central
computer should be secured and monitored for secure identification or data
permission allowing.


unemployed security,
B.T.
