I am worried about this too, because there is no protection.
Could imagine that when inserting a new stick or a keyboard only a short query
with the device type needs to be confirmed. This request can be omitted by
known devices.
This is maybe annoying, but safety first!
--
You received this bu
** Changed in: ubuntu
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1393612
Title:
Protect against BadUSB device
To manage notifications about this bug go to:
https:
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1393612
Title:
Protect against BadUSB device
To manage notifications about this bu
Sadly, the solution is not easy nor obvious. Ubuntu is used in a wide
variety of different ways and many of them do not lend themselves well
to just popping up a dialog box.
Furthermore, the problem is not at all restricted to just devices that
can be reprogrammed to act like keyboards.
A fairly
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: systemd (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1393612
Title:
Pr
@ Seth Arnold: Thanks for your comment. In the case of an USB device
acting as a keyboard and for multi-seat machines or remote servers, the
keyboard should simply not be activated (what for?). This security
measure can also be an option available in "Security & Privacy". I agree
that Ubuntu and GN
For the cases of having a multi-function device which also acts as a
keyboard we could potentially ask whether the user really wants to use
it. This just needs to keep in mind that there are many legitimate
devices which look very similar -- headsets often have buttons (which
manifest as evdev devi
Removing package for now, as it's not at all clear how to design this
(at least udev is way too low in the stack to even potentially ask the
user anything).
I'm very sceptical of these approaches. Experience shows that popping up
dialog boxes with security related questions à la "are you sure that
I opened a duplicate thread, in the following link:
https://bugs.launchpad.net/ubuntu/+bug/1590990
The user "Seth Arnold" asked my several questions and I replied to them all.
Here are my answers to his questions:
"- How would a user interact when pluggin
