oss-sec mailing list archives
Re: BadUSB discussion
From: Greg KH <greg () kroah com>
Date: Fri, 8 Aug 2014 08:18:21 -0700
On Fri, Aug 08, 2014 at 07:00:00PM +0400, gremlin () gremlin ru wrote:
That means, every device after being detected by the system must be explicitly activated by some human activity. Yes, users may and, most likely, will be fooled to do that (as they are fooled to connect the attacker's device), but this activation will at least make the use of untrusted devices more difficult.
How can I activate a USB keyboard (the only input device attached to the system), with the USB keyboard that I plugged into it? Fun times... Again, fix the real problem here, if there is one, don't try to throw "is this device ok to use" dialogs up, they just annoy people and don't do anything. Oh, and if you want, you can disable all USB devices on your Linux system by default, and only "authorize" them explicitly if you programatically think they should be enabled. We have had support in the kernel for that for years now, but very few people actually use it. So the tools to do this are already there, why aren't you using them? :) greg k-h
Current thread:
- Re: BadUSB discussion, (continued)
- Re: BadUSB discussion Yves-Alexis Perez (Aug 09)
- Re: BadUSB discussion Vincent Lefevre (Aug 14)
- Re: BadUSB discussion gremlin (Aug 08)
- Re: BadUSB discussion gremlin (Aug 08)
- Re: BadUSB discussion John Haxby (Aug 08)
- Re: BadUSB discussion Rich Felker (Aug 08)
- Re: BadUSB discussion Greg KH (Aug 08)
- Re: BadUSB discussion Willy Tarreau (Aug 09)
- Re: BadUSB discussion Yves-Alexis Perez (Aug 09)
- Re: BadUSB discussion Willy Tarreau (Aug 09)
- Re: BadUSB discussion gremlin (Aug 08)
- Re: BadUSB discussion Greg KH (Aug 08)
- Re: BadUSB discussion gremlin (Aug 08)
- Re: BadUSB discussion Greg KH (Aug 08)
- Re: BadUSB discussion gremlin (Aug 08)
- Re: BadUSB discussion (GalaxyMaster) (Aug 08)
- Re: BadUSB discussion gremlin (Aug 08)
- Re: BadUSB discussion Greg KH (Aug 08)
- Re: BadUSB discussion Greg KH (Aug 08)