On Thursday 16 October 2014 18:28:16 Greg KH did opine And Gene did reply: > On Thu, Oct 16, 2014 at 06:12:48PM -0400, Gene Heskett wrote: > > Is there a move afoot to write a checker utility that determines if > > the usb device its pointed at is vulnerable, and can therefore be > > reliably blacklisted? > > What do you mean by a "vulnerable" USB device? Thanks for the reply, Greg. There is an exploitable error in the usb hardware/firmware, one that nearly 100% of the devices have. No one ever gave security a seconds thought when writing the usb std. As described it is both hardware and firmware that will need to be addressed for an effective fix. See: <http://www.wired.com/2014/10/code-published-for-unfixable-usb-attack/> for an explanation much better than I seem to be doing. It went live yesterday. Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Genes Web page <http://geneslinuxbox.net:6309/gene> US V Castleman, SCOTUS, Mar 2014 is grounds for Impeaching SCOTUS -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
