Re: [Hampshire] [OT] Saturday afternoon paranoia

2010-07-04 Thread Vic


> One [1] suggests that USB hardware can be used as a Trojan horse to
> steal your data.

I don't know if this is flawed research or flawed reporting, but the
article leaves a very misleading impression.

The researcher has correctly identified that there is an explicit trust
relationship between the OS and the hardware plugged into a USB port; the
identifiers handed over during the handshake are trusted as true. If
you're a military researcher - as these guys seem to be - then that's
probably the sort of thing that warrants investigation.

But what is to be gained from spoofing these identifiers? Simply that the
wrong driver is used to attempt to handle the device.

And here's where the article becomes misleading: USB devices do not inject
driver code, they use driver code that is already on the computer. Certain
OSes prompt for drivers if nothing suitable is already installed, others
just ignore the problem (and the device).

So to get malware onto the system, the driver installation route must be
compromised, as that is the only way for code to be placed onto the
machine.

Spoofing identifiers does give a potential attacker a better choice of
poor drivers to attempt to break - but the problem there is still in code
quality, not in system security. If drivers are written well in the first
place, a malfunctioning / nefarious piece of USB hardware should not be
able to bring the box down. And, of course, strange devices are likely to
be reported to the user - that is likely to lead to discovery of the
attack.

The details of their experiments are somewhat scant, but for them to have
had the successes they claim, either they deliberately loaded compromised
drivers, or they were running drivers that are easily compromised. The
first of these is easily discounted - it's hardly a feat to compromise a
box when you deliberately load the compromise yourself - and the latter is
just the usual noise about shoddy driver code.

Guess how much sleep I'm going to lose over this article...

Vic.


-- 
Please post to: Hampshire@mailman.lug.org.uk
Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
LUG URL: http://www.hantslug.org.uk
--


Re: [Hampshire] [OT] Saturday afternoon paranoia

2010-07-04 Thread Victor Churchill
Interesting to see the range of opinions in the NS articles' comments,
regarding the 'rights and wrongs' of the research being disclosed.

On 04/07/2010, Anton Piatek  wrote:
> On 3 July 2010 17:17, Dr A. J. Trickett  wrote:
>>
>>> One [1] suggests that USB hardware can be used as a Trojan horse to
>>> steal your data.
>>
>> It's possible. Though there are probably easier ways to steal data.
>
> I was wondering about this - but what device would it have to identify
> as in order to have a driver load that reads data from the OS? Surely
> the security flaw here is purely with any drivers that allow a USB
> device to read system activity. I would hope any device that has such
> drivers would need to be explicitly configured after plugging in...
>
> If you wanted to hack something by plugging in a USB device, then
> surely nobody will notice an extra USB dongle hanging out the back of
> their PC (A colleague at work certainly didn't notice the extra mouse
> going to the next desk, which allowed weeks of fun as you "tweak" his
> computer usage by occasionally moving his mouse around or scrolling
> unexpectedly)
>
> Anton
> --
> Anton Piatek
> email: an...@piatek.co.uk 
> blog/photos:  http://www.strangeparty.com
> pgp: [74B1FA37]   (http://www.strangeparty.com/anton.asc)
> fingerprint: 7401 96D3 E037 2F8F 5965  A358 4046 71FD 74B1 FA37
>
> No trees were destroyed in the sending of this message, however, a
> significant number of electrons were terribly inconvenienced.
>


-- 
regards,

Victor Churchill
The Software Shack, Ltd



Re: [Hampshire] Lucid network manager

2010-07-04 Thread Chris Dennis
On 04/07/10 10:06, Rob Malpass wrote:
> *From:* hampshire-boun...@mailman.lug.org.uk
> [mailto:hampshire-boun...@mailman.lug.org.uk] *On Behalf Of *Jan Henkins
> *Sent:* 03 July 2010 19:45
> *To:* Hampshire LUG Discussion List
> *Subject:* Re: [Hampshire] Lucid network manager
>
> Thanks for your advice but I’m afraid one of the commands doesn’t work
> for me – and I’ve never been too hot with the route command... Here’s
> what happened:
>
> r...@gough:~$ sudo route del default gw

That should be just

   sudo route del default

cheers

Chris

-- 
Chris Dennis  cgden...@btinternet.com
Fordingbridge, Hampshire, UK


[Hampshire] suggest a laptop

2010-07-04 Thread pavithran
I am looking for a lightweight laptop which is powerful and is also
supported in GNU/Linux (hoping for all free drivers).

It would be nice if the laptop could run compiz + openoffice + firefox
(10 tabs + gmail) without any delays.

Regards,
Pavithran



-- 
pavithran sakamuri



Re: [Hampshire] Lucid network manager

2010-07-04 Thread Rob Malpass

From: hampshire-boun...@mailman.lug.org.uk
[mailto:hampshire-boun...@mailman.lug.org.uk] On Behalf Of Jan Henkins
Sent: 03 July 2010 19:45
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] Lucid network manager

Thanks for your advice but I'm afraid one of the commands doesn't work for
me - and I've never been too hot with the route command... Here's what
happened:

r...@gough:~$ sudo route del default gw
Usage: inet_route [-vF] del {-host|-net} Target[/prefix] [gw Gw] [metric M] [[dev] If]
       inet_route [-vF] add {-host|-net} Target[/prefix] [gw Gw] [metric M]
                              [netmask N] [mss Mss] [window W] [irtt I]
                              [mod] [dyn] [reinstate] [[dev] If]
       inet_route [-vF] add {-host|-net} Target[/prefix] [metric M] reject
       inet_route [-FC] flush  NOT supported

The other commands do work - but not this one. Grateful for any help.

Cheers

Rob


Re: [Hampshire] [OT] Saturday afternoon paranoia

2010-07-04 Thread Anton Piatek
On 3 July 2010 17:17, Dr A. J. Trickett  wrote:
>
>> One [1] suggests that USB hardware can be used as a Trojan horse to
>> steal your data.
>
> It's possible. Though there are probably easier ways to steal data.

I was wondering about this - but what device would it have to identify
as in order to have a driver load that reads data from the OS? Surely
the security flaw here is purely with any drivers that allow a USB
device to read system activity. I would hope any device that has such
drivers would need to be explicitly configured after plugging in...

If you wanted to hack something by plugging in a USB device, then
surely nobody will notice an extra USB dongle hanging out the back of
their PC (A colleague at work certainly didn't notice the extra mouse
going to the next desk, which allowed weeks of fun as you "tweak" his
computer usage by occasionally moving his mouse around or scrolling
unexpectedly)

Anton
-- 
Anton Piatek
email: an...@piatek.co.uk   
blog/photos:http://www.strangeparty.com
pgp: [74B1FA37] (http://www.strangeparty.com/anton.asc)
fingerprint: 7401 96D3 E037 2F8F 5965  A358 4046 71FD 74B1 FA37

No trees were destroyed in the sending of this message, however, a
significant number of electrons were terribly inconvenienced.
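
Added example (not part of any message in this thread): a small Linux audit that lists, for each USB interface, the device-supplied identifiers and the already-installed driver that was bound on the strength of them, and flags anything not on an expected list. It assumes the sysfs layout of /sys/bus/usb/devices; the `audit` and `build_sample` names, the sample tree and all IDs in it are constructed for illustration.

```python
import glob
import os
import tempfile

# Subset of USB-IF base class codes, as exposed in bInterfaceClass.
CLASS_NAMES = {"03": "HID", "08": "mass-storage", "09": "hub"}

def _read(path):
    try:
        with open(path) as fh:
            return fh.read().strip().lower()
    except OSError:
        return ""

def audit(usb_root, allowed):
    """List interfaces whose (vid:pid, class) pair is not in `allowed`.

    Everything read here was reported by the device itself, and it is
    what the kernel matched against drivers already on the machine.
    """
    findings = []
    for iface in sorted(glob.glob(os.path.join(usb_root, "*", "*:*"))):
        cls = _read(os.path.join(iface, "bInterfaceClass"))
        if not cls:                       # not a USB interface directory
            continue
        dev = os.path.dirname(iface)
        ident = _read(os.path.join(dev, "idVendor")) + ":" + _read(os.path.join(dev, "idProduct"))
        link = os.path.join(iface, "driver")
        driver = os.path.basename(os.readlink(link)) if os.path.islink(link) else "(none)"
        if (ident, cls) not in allowed:
            findings.append((os.path.basename(iface), ident, CLASS_NAMES.get(cls, cls), driver))
    return findings

def build_sample(root):
    """Constructed stand-in for /sys/bus/usb/devices; all IDs are made up."""
    for dev, vid, pid, cls, drv in [("1-1", "aaaa", "0001", "03", "usbhid"),
                                    ("1-2", "aaaa", "0002", "08", "usb-storage"),
                                    ("1-3", "bbbb", "0009", "03", "usbhid")]:
        iface = os.path.join(root, dev, dev + ":1.0")
        os.makedirs(iface)
        for name, val in [("idVendor", vid), ("idProduct", pid)]:
            with open(os.path.join(root, dev, name), "w") as fh:
                fh.write(val + "\n")
        with open(os.path.join(iface, "bInterfaceClass"), "w") as fh:
            fh.write(cls + "\n")
        os.symlink("../../drivers/" + drv, os.path.join(iface, "driver"))
    return root

if __name__ == "__main__":
    sample = build_sample(tempfile.mkdtemp())
    expected = {("aaaa:0001", "03"), ("aaaa:0002", "08")}
    for row in audit(sample, expected):
        print("unexpected:", row)
```

On a real machine, pass /sys/bus/usb/devices as `usb_root` and include the root hubs (class 09) in the expected set.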
