> Charge-only cables are also in demand as a security measure for people > wishing to safely charge devices on randomĀ¹ USB ports found out in > the world.
Indeed. I wish my USB cables came with a little switch to control whether to connect the data wires or not (would beat the hell out of trying to remember which cables are power-only and which aren't). > In an ideal world you plug your device into a USB port and if whatever > it is connected to wants to do anything other than negotiate charging > then positive action has to be taken by you. But, software has bugs and > some people want a second level of defence. Not just bugs: I don't know of any OS out there that is even designed to behave like you describe: they all automatically accept to recognize the other end as whichever device (or set of devices) it claims to be. > In the other direction, infiltration has been done by leaving USB sticks > on the floor of the car park and hoping some employee plugs one in to > see what's on it. Some workplaces physically disable USB ports on their > computers because of things like that. Indeed. It may look like a harmless USB key, but it may decide to tell your machine that it's a keyboard+mouse+wificard and start sending made up keyboard/mouse events and whatnot. To bring this discussion back to Debian: does someone here know of a way to configure Debian so it asks for explicit confirmation before accepting new USB devices? === Stefan
