oss-sec mailing list archives

Re: Malicious devices & vulnerabilties

From: Vasiliy Kulikov <segoon () openwall com>
Date: Mon, 9 Jan 2012 16:48:04 +0400

Hi,

On Sun, Jan 08, 2012 at 16:32 -0500, Xi Wang wrote:

On Jan 8, 2012, at 3:19 PM, Eitan Adler wrote:

Computer monitors? Keyboards. Anything you could plug into the
computer without opening up the case.


That makes sense, though it's a little bit strange to say "hey man
plug in this fancy monitor" for an attack, compared to lending a
usb stick. ;-)


As USB device could pretend being almost any external device and fake
its own device ID, sizes and popularity of the device shouldn't limit
the set of untrusted drivers.

Thanks,

--
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments

Current thread:

Malicious devices & vulnerabilties Xi Wang (Jan 07)
- Re: Malicious devices & vulnerabilties Florian Weimer (Jan 08)
  - Re: Malicious devices & vulnerabilties Eugene Teo (Jan 08)
    - Re: Malicious devices & vulnerabilties Alistair Crooks (Jan 08)
    - Re: Malicious devices & vulnerabilties Ludwig Nussel (Jan 09)
    - Re: Malicious devices & vulnerabilties Alistair Crooks (Jan 09)
  - Re: Malicious devices & vulnerabilties Xi Wang (Jan 08)
    - Re: Malicious devices & vulnerabilties Eitan Adler (Jan 08)
    - Re: Malicious devices & vulnerabilties Xi Wang (Jan 08)
    - Re: Malicious devices & vulnerabilties Vasiliy Kulikov (Jan 09)
    - Re: Malicious devices & vulnerabilties Kurt Seifried (Jan 08)
    - Re: Malicious devices & vulnerabilties Florian Weimer (Jan 09)
    - Re: Malicious devices & vulnerabilties Kurt Seifried (Jan 09)
- Re: Malicious devices & vulnerabilties Greg KH (Jan 08)
  - Re: Malicious devices & vulnerabilties Xi Wang (Jan 08)
  - Re: Malicious devices & vulnerabilties Hanno Böck (Jan 08)
    - Re: Malicious devices & vulnerabilties Eugene Teo (Jan 08)
- Re: Malicious devices & vulnerabilties Eitan Adler (Jan 08)