On Friday 17 October 2014 03:48:48 Greg KH did opine And Gene did reply: > On Thu, Oct 16, 2014 at 08:18:26PM -0400, Gene Heskett wrote: > > On Thursday 16 October 2014 18:28:16 Greg KH did opine > > > > And Gene did reply: > > > On Thu, Oct 16, 2014 at 06:12:48PM -0400, Gene Heskett wrote: > > > > Is there a move afoot to write a checker utility that determines > > > > if the usb device its pointed at is vulnerable, and can > > > > therefore be reliably blacklisted? > > > > > > What do you mean by a "vulnerable" USB device? > > > > Thanks for the reply, Greg. > > > > There is an exploitable error in the usb hardware/firmware, one that > > nearly 100% of the devices have. > > No there isn't, it's a specific design of the device, we have had > devices like this since the 1990's. This is nothing new at all, and > nothing that is a problem. > > > No one ever gave security a seconds thought when writing the usb std. > > As one who helped write a tiny portion of the spec, that's not true at > all. If you have specifics, I would be glad to discuss them. I have a copy of the 1.1 specs, before they put it behind a paywall. I am glad you did have a small hand in it, thanks. > > > As described it is both hardware and firmware that will need to be > > addressed for an effective fix. > > What needs to be "fixed"? > The procedure to update that firmware. > > See: > > > > <http://www.wired.com/2014/10/code-published-for-unfixable-usb-attack > > /> > > > > for an explanation much better than I seem to be doing. It went live > > yesterday. > > The only thing that is "new" is the fact that some people thought that > the firmware of a USB device could not be changed to work like > something else. Again, that's never been true, and is nothing that > "hurts" the operating system. > Agreed, but if when it is plugged in, it goes out and installs a keylogger, now that is harming the user even if the code to do it is 100% nicely written legal code. > thanks, > > greg k-h Thank you Greg. Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Genes Web page <http://geneslinuxbox.net:6309/gene> US V Castleman, SCOTUS, Mar 2014 is grounds for Impeaching SCOTUS -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
