On 14/05/13 18:01, Russell Coker wrote: >> It's been too >> easy, even with Linux [1] (_might_ be okay now, depends on your distro >> and setup) to cause havoc with a rogue USB stick or similar as well. > > How would someone do that? Linux doesn't have a run a program automatically > when device is mounted "feature" unlike Windows.
Read the article -- the exploit targeted the kernel module that handles the USB port. It fetches the USB device's name automatically when you plug something in -- and it turned out there was a buffer overflow available there. _______________________________________________ luv-main mailing list [email protected] http://lists.luv.asn.au/listinfo/luv-main
