If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#51
|
|||
|
|||
BadUSB security flaw (massive undetectible USB reprogrammingvulnerability)
On 2014-08-02, John Hasler wrote:
William Unruh writes: But since the OS has no way of knowing this is a bugged device, why would it refuse, eg to connect a keyboard? I have often disconnected one keyboard and connected another because of problems for example, or because my laptop's keyboard is useless and I wanted to type on something useable. And if both are already plugged in at boot, which one should it choose? Because it already connected to one keyboard when it booted. |
#52
|
|||
|
|||
BadUSB security flaw (massive undetectible USB reprogrammingvulnerability)
On 2014-08-02, J. P. Gilliver (John) wrote:
In message , bob mullen "This flaw, dubbed BadUSB by Security Research Labs in Berlin, leverages (I always rate less anything written by anyone who uses the word "dubbed" [other than when describing a knighting!], but let's assume that's just the journalist.) Why? It is just an old form of "named" Why not have various words with shades of difference (the use of dubbed carries the hint of the old kingly renaming someone when making them a knight-- Ie a name give to something in a formal ceremony with a distringly old fashioned air to it. It is a way of taking the mikey out of whoever is doing the naming) |
#53
|
|||
|
|||
BadUSB security flaw (massive undetectible USB reprogramming vulnerability)
"J. P. Gilliver (John)" writes:
writes: "This flaw, dubbed BadUSB by Security Research Labs in Berlin, leverages (I always rate less anything written by anyone who uses the word "dubbed" [other than when describing a knighting!], but let's assume that's just the journalist.) Better avoid Shakespeare then... -- http://www.greenend.org.uk/rjk/ |
#54
|
|||
|
|||
BadUSB security flaw (massive undetectible USB reprogramming vulnerability)
In message , Gene E. Bloch
writes: On Sat, 02 Aug 2014 17:10:03 -0500, John Hasler wrote: Gene E. Bloch writes: For debugging (and other) reasons I've connected more than one keyboard to a computer with no ill effects and with no problems using either keyboard. I just meant that the OS should ask permission before connecting to a second keyboard. OK. I got it :-) And I agree. But it's only valid if the asking of permission prompts for a random character, otherwise the badware (!) could just send whatever's expected. -- J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf "Usenet is a way of being annoyed by people you otherwise never would have met." - John J. Kinyon |
#55
|
|||
|
|||
BadUSB security flaw (massive undetectible USB reprogramming vulnerability)
In message , Gene E. Bloch
writes: On Sat, 2 Aug 2014 09:16:31 +0100, J. P. Gilliver (John) wrote: "This flaw, dubbed BadUSB by Security Research Labs in Berlin, leverages (I always rate less anything written by anyone who uses the word "dubbed" [other than when describing a knighting!], but let's assume that's just the journalist.) Copied from http://dictionary.reference.com/ dub 1 [duhb] Show IPA verb (used with object), dubbed, dub·bing. (Not sure what that bit was about. Presumably there's some significance to the "1" not having a "." after it as below.) 1. to invest with any name, character, dignity, or title; style; name; call: He was dubbed a hero. Have you ever heard anyone, other than in print or giving a speech or something, actually use the word in that way? 2. to strike lightly with a sword in the ceremony of conferring knighthood; make, or designate as, a knight: The king dubbed him a knight. [...] -- J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf "Usenet is a way of being annoyed by people you otherwise never would have met." - John J. Kinyon |
#56
|
|||
|
|||
BadUSB security flaw (massive undetectible USB reprogramming vulnerability)
In message
wwvlhr681kn.fsf@l1AntVDjLrnP7Td3DQJ8ynzIq3lJMueXf 87AxnpFoA.invalid, Richard Kettlewell writes: "J. P. Gilliver (John)" writes: writes: "This flaw, dubbed BadUSB by Security Research Labs in Berlin, leverages (I always rate less anything written by anyone who uses the word "dubbed" [other than when describing a knighting!], but let's assume that's just the journalist.) Better avoid Shakespeare then... I do try to, wherever I can; his Mafia held sway for sufficiently long in the English Literature world that it's quite difficult to do so, though. -- J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf "Usenet is a way of being annoyed by people you otherwise never would have met." - John J. Kinyon |
#57
|
|||
|
|||
BadUSB security flaw (massive undetectible USB reprogrammingvulnerability)
On Sat, 02 Aug 2014 17:28:13 -0400, Paul wrote:
David W. Hodgins wrote: On Sat, 02 Aug 2014 11:36:50 -0400, John Hasler wrote: David W. Hodgins writes: A usb controller is a pci device, so has dma access. A controller does. A device plugged into it does not, any more than does a device at the other end of an ethernet cable. According to Bruce Schneier, a well known security expert, they can https://www.schneier.com/blog/archiv...g_compute.html That is Autoruns, and not DMA. Read it again ... and the ability of peripherals to use something called direct memory access (DMA). ... is the result of a design flaw that's likely to be with us for many years to come If a usb device could not access dma, then usb external hard drives would be painfully slow, since they would be suck in pio mode. Regards, Dave Hodgins -- Change nomail.afraid.org to ody.ca to reply by email. (nomail.afraid.org has been set up specifically for use in usenet. Feel free to use it yourself.) |
#58
|
|||
|
|||
BadUSB security flaw (massive undetectible USB reprogramming vulnerability)
William Unruh writes:
I have often disconnected one keyboard and connected another because of problems for example, or because my laptop's keyboard is useless and I wanted to type on something useable. You should have to reboot, though I suppose it might be ok if the OS just detected that you went from one keyboard to none and back to one and therefor just replaced the keyboard. It should still require you to log in again. And if both are already plugged in at boot, which one should it choose? Neither. The OS should print a message telling you to disconnect the extra keyboard and reboot. At the least the OS should not accept any commands from a new or second keyboard until a user has logged in via that keyboard. -- John Hasler Dancing Horse Hill Elmwood, WI USA |
#59
|
|||
|
|||
BadUSB security flaw (massive undetectible USB reprogramming vulnerability)
J. P. Gilliver writes:
But it's only valid if the asking of permission prompts for a random character, otherwise the badware (!) could just send whatever's expected. The user's password is what should be expected. -- John Hasler Dancing Horse Hill Elmwood, WI USA |
#60
|
|||
|
|||
BadUSB security flaw (massive undetectible USB reprogramming vulnerability)
I wrote:
The user's password is what should be expected. When a second keyboard appears the OS should only connect to it after having been given permission via the already-connected keyboard, of course. Thus it doesn't matter what characters the second keyboard attempts to send. -- John Hasler Dancing Horse Hill Elmwood, WI USA |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
WMF Vulnerability | Arthur Entlich | Printers | 16 | January 7th 06 04:16 PM |
Symantec Norton Antivirus Security Flaw (Personal and Corporate editions) | Christopher Muto | Dell Computers | 3 | December 24th 05 01:29 AM |
security flaw in hyper threading | Ed Zeppelin | Intel | 4 | May 27th 05 03:47 AM |
Reprogramming an Epson printer | Sion Morris | Printers | 5 | January 14th 05 04:39 PM |
Reprogramming chip on epson T29 & T28 | brane_ded | Printers | 1 | July 3rd 03 10:11 PM |