Marek Marczykowski-Górecki: > If you (or someone else) plug a malicious USB device that will exploit > some bug in one of million USB device drivers, it can do whatever it > want with the other USB devices on the same bus. And if that USB > controller live in dom0, it's game over even without injecting malicious > keystrokes. > PS/2 is much better, because you can't connect anything else than input > devices there, and attack surface is much smaller.
After having read the entirety of the PC security paper Joanna wrote a while back, I was shocked to see how poor PC security really is. I found it one of the most profound papers I've ever read. As far as I'm concerned, it should be required reading for anyone capable of understanding even the basics. What you wrote reminds me of that feeling and how wide open and vulnerable things really are for those that know what they're doing. It's amazing to me things have been "allowed" to get this bad. All genuine efforts into making things better are very much appreciated and needed by all of us. Thank you. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/nqcosk%24rm2%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
