Security Basics mailing list archives
Re: [OWASP-Security101] uniquely identifing USB device
From: Dave Hylands <dhylands () mozilla com>
Date: Tue, 10 Apr 2012 23:50:15 -0700 (PDT)
Hi Erki,
I need to identify a usb stick uniquely and I have been trying to find out weather using just hardwareID is enough? I have heard of a driver that lets you emulate an usb device and set that ID, but quick googleing didn’t give any results. Does anybody know of something like that? Is it possible to (for someone with mediocre hacking skills) to manipulate with these values? Is there a better way to uniquely identify that device?
So here's a page that uses a readily available HW device to spoof VID and PID, and presumably with some minor changes you could spoof any of the other fields as well. http://seclists.org/pauldotcom/2010/q3/111 USB devices are supposed to have unique serial numbers, but not every device has a unique VID/PID/serial (i.e.not all manufacturers actually follow this, and you wind up with devices that are not unique. Also, devices for allowing say an SD card to be used in a USB slot won't necessarily present a unique serial number for different MMC cards. What are you trying to do? Dave Hylands ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Re: [OWASP-Security101] uniquely identifing USB device Dave Hylands (Apr 11)