Security Hardware

System Exploitable With USB

Anonymous Coward writes "Vulnerabilities in USB drivers for Windows could allow an attacker to take control of locked workstations using a specially programmed Universal Serial Bus device." From the article: "The buffer-overflow flaw is in device drivers that Windows loads whenever USB devices are inserted into computers running Windows 32-bit operating systems, including Windows XP and Windows 2000, said Caleb Sima, chief technology officer and founder of SPI Dynamics."
This discussion has been archived. No new comments can be posted.

  • Tonight at 11: (Score:5, Insightful)

    by ZxCv ( 6138 ) on Sunday July 24, 2005 @05:31AM (#13148661) Homepage
    Computers with physical access are susceptible to "unintended root-level access".
    • Flaws found in device drivers shipped with Windows, Microsoft recommends upgrading to Vista!
    • Re:Tonight at 11: (Score:3, Insightful)

      by tpgp ( 48001 )
      Computers with physical access are susceptible to "unintended root-level access".

      Yep. Got boot? You've got root.

      That said however, the Operating System should at least try to protect sensitive data - make it so the attacker is going to have to pull that hard drive out of the box & mount it from another machine to try & brute-force the password file (or whatever)

      There is no need to make it as easy as plugging in a USB device....
      • This is not actually true. Most BIOS' can refuse to be configured without a password, so they go straight to boot loader. Then the bootloader is configured to prevent any choosing of options, etc and goes straight to kernel, which then goes to login.

        There, boot but no root.

        One should ensure that all cables cannot be removed. In fact, one should ensure that all cables go from one flush surface to another, in plain view of the user, so there is no way any sniffers can be added. And make sure that the comput
    • by glottis5 ( 897091 ) on Sunday July 24, 2005 @05:46AM (#13148706)
      Instead of exploiting this flaw, why not just hit the computer with a hammer or something? This seems rather impractical.
    • by raehl ( 609729 ) <(moc.oohay) (ta) (113lhear)> on Sunday July 24, 2005 @05:52AM (#13148728) Homepage
      Given enough time and resources, I have physical access to anything. If your computer is in a locked case, is that physically secure? In a lab that is always staffed? Behind a locked door? With a guard?

      For many situations, a computer with a locked case in a room that is staffed is considered "physically secure", as it's not likely that you'll break the physical security (lock on the case) without attracting the attention of the staff. Hell, even a computer in a staffed room in a case that has screws on it is fairly physically secure. The USB problem circumvents the physical security.

      Security is all about deterrent. My apartment has a dead bolt lock on the door. Does this mean it's impossible to break into my apartment? Of course not - it just makes it harder.

      Being able to break security on a locked computer with a USB drive is like leaving the key to your apartment under your door mat.
      • by Minupla ( 62455 ) <minupla@gmail . c om> on Sunday July 24, 2005 @06:11AM (#13148769) Homepage Journal
        Security is all about deterrent.

        Actually, security in this case is about doing a calculation of the worth of what it is you're protecting against the cost (be it a cost in terms of cash for access controls, or a cost in terms of user convenience and system functionality) of the security. I've seen financial institutions who had all their workstations in a central computer room and just ran KVM terminals to each desk. The server room looked more like a vault. It was important to them to keep the workstations secure. On the other hand if you're a library and you're only trying to keep them secure so that you don't have to reinstall every week because some 12 yr old types cat /dev/random > /dev/hda & well then a locked box is probably all you need.

        It's just like insurance really, you sit down and calculate how much your information is worth. After you do that, you put into place access controls equal or greater than the value.

        Min
        • On the other hand if you're a library and you're only trying to keep them secure so that you don't have to reinstall every week because some 12 yr old types cat /dev/random > /dev/hda & well then a locked box is probably all you need.

          Reinstall every week? Better to reinstall for every user, like Laptop Lane [wayport.net] does. After each rental user logs off, the machine is reimaged from a hidden location (probably an image on a local server, though it happens after the renter leaves the cubicle, so I couldn'

      • My apartment has a dead bolt lock on the door. Does this mean it's impossible to break into my apartment? Of course not - it just makes it harder.
        Being able to break security on a locked computer with a USB drive is like leaving the key to your apartment under your door mat.


        Taking the analogy further it's actually more like buying an apartment with a deadlock from a disreputable source (No, not just Microsoft) who always leave a key under the mat without telling you. 1 savvy burglar and the whole buildi
      • No, your analogy doesn't hold.

        You have to place that key under the mat. You're actively thwarting your security for convenience. If you feel that security needs tightening, you'll have the option of removing that key and not providing the convenience anymore.

        Some labs that care about USB security don't hook up the USB ports to the motherboard. That's a good simple solution, until you require a USB device. It used to be that you could get along without USB devices very easily, but with the (thank goodn
  • Similar problems... (Score:4, Informative)

    by JamesD_UK ( 721413 ) on Sunday July 24, 2005 @05:33AM (#13148663) Homepage
    This is similar to an early security flaw in windows though I forget precisely which Windows versions it was, 95 and earlier I suspect. It was possible to write a program that would autorun from an inserted CD and copy the screen saver password file to a floppy from where it could be later cracked at leisure.
    • by jonadab ( 583620 )
      > This is similar to an early security flaw in windows though I forget
      > precisely which Windows versions it was, 95 and earlier I suspect. It was
      > possible to write a program that would autorun from an inserted CD and copy
      > the screen saver password file to a floppy from where it could be later
      > cracked at leisure.

      If you're physically at the computer, you can reboot it and hit escape at the login prompt (or any number of other possibilities). Windows XP makes this rather harder than it was
      • Except that someone might have noticed their Windows 95 system being rebooted... oh *wait* :-)
        • by jonadab ( 583620 ) on Sunday July 24, 2005 @08:13AM (#13149060) Homepage Journal
          > Except that someone might have noticed their Windows 95 system
          > being rebooted... oh *wait* :-)

          Exactly. They might notice, but nobody's going to bat an eye. Frankly, most folks wouldn't bat an eye if they saw WinXP being rebooted either, not because it's necessary nearly as often but because people do it constantly anyway, because they've been conditioned that way. About half the population instinctively reboots at the first sign of abnormality, e.g., if the website they're trying to visit doesn't resolve because they mistyped the URI. It's likely to take a very long time for this expectation to change.
  • by gunpowda ( 825571 ) on Sunday July 24, 2005 @05:34AM (#13148666)
    Who's actually to blame?

    From the summary and the article:

    Vulnerabilities in USB drivers for Windows...The buffer-overflow flaw is in device drivers that Windows loads...running Windows 32-bit operating systems, including Windows XP and Windows 2000...

    The article then goes on to say:

    However, the flaw is with USB, not Windows, said David Dewey, a research engineer at SPI.

    • The fault in USB is that the device supplies its own ID (which is reasonable),
      if you RTFA you will see they say the problem is in the drivers
      drivers often do not verify data correctly and always run with system level privileges,
      meaning you just need to find one driver that is installed by default (or auto installed) to attack the system.
    • by l3v1 ( 787564 ) on Sunday July 24, 2005 @05:46AM (#13148704)
      Yeah, right, good ol' MS way: it's not the software's fault, it's not Windows's fault, it's USB's fault. We makes ze great softwere, you makes ze bad hardwere.

    • by Andy_R ( 114137 ) on Sunday July 24, 2005 @05:51AM (#13148723) Homepage Journal
      Well there's an easy way to find out... try the exploit on OSX and Linux. I think it's quite significant that the article completely fails to mention any OS other than Windows.

      In a way, I hope the identical problem is present in all of Win/Lin/OSX, as it would give us a very nice way to compare how good and quick the fixes are. I'm not too worried that Microsoft have a headstart on a fix :-)
    • by Teun ( 17872 ) on Sunday July 24, 2005 @05:52AM (#13148729)
      And a little further into TFA:

      Best of all, for attackers, the device drivers run with System-level privileges, giving an attacker full control of the host system once the exploit has been triggered. SPI tested attacks on Windows systems, but any operating system that is USB-compliant is probably vulnerable, he said.

    • by Linus Torvaalds ( 876626 ) on Sunday July 24, 2005 @05:57AM (#13148741)

      If it's a buffer overflow, then it's a software bug, not a problem with USB per se.

      If it's a vulnerability in a driver, then it doesn't matter if Microsoft didn't write the driver, if they ship it with Windows, they are responsible for it. There's no useful distinction between "Windows" and the drivers that ship as part of Windows.

    • So that means that it DOES run on linux? yay!...err Sorry, had to be done :)
    • by ocelotbob ( 173602 ) <ocelot.ocelotbob@org> on Sunday July 24, 2005 @06:02AM (#13148749) Homepage
      The flaw is with drivers within windows, not the USB protocol. USB does its job, it says, "hey, I got this device on the server, its name is 8086:3429 and it's a high speed device." Windows says, "okay, yeah, whatever" and starts accepting data. Unfortunately, drivers are an area where secure programming really hasn't caught on as well as it should, after all, their hardware never misbehaves and starts spewing out nonsense, right? ;3
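
Added example, not part of the original thread and not code from any driver discussed in it: the comment above says drivers accept whatever a device reports, and the C code below shows the checks a host-side parser needs before trusting a device-supplied configuration descriptor. The function names, status codes and sample bytes are constructed for illustration; the descriptor layout is the standard one from USB 2.0 chapter 9.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Standard descriptor type codes and fixed sizes from USB 2.0 chapter 9. */
enum { DT_CONFIG = 2, DT_INTERFACE = 4, DT_ENDPOINT = 5 };
enum { CONFIG_LEN = 9, INTERFACE_LEN = 9, ENDPOINT_LEN = 7 };

/* Status codes and struct names are invented for this example. */
enum cfg_status {
    CFG_OK = 0,
    CFG_TOO_SHORT,      /* fewer bytes than a configuration descriptor */
    CFG_BAD_HEADER,     /* first descriptor is not a configuration descriptor */
    CFG_BAD_TOTAL,      /* wTotalLength exceeds the bytes actually received */
    CFG_BAD_LENGTH,     /* bLength is < 2, below the type minimum, or overruns */
    CFG_COUNT_MISMATCH  /* declared interface/endpoint counts are not met */
};

struct cfg_summary { unsigned interfaces, endpoints; };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Walk a device-supplied configuration descriptor without trusting any
 * length or count field in it. Nothing is read past buf[len - 1]. */
enum cfg_status validate_config(const uint8_t *buf, size_t len,
                                struct cfg_summary *out)
{
    if (buf == NULL || len < CONFIG_LEN) return CFG_TOO_SHORT;
    if (buf[0] < CONFIG_LEN || buf[1] != DT_CONFIG) return CFG_BAD_HEADER;

    size_t total = le16(buf + 2);
    if (total < buf[0] || total > len) return CFG_BAD_TOTAL;

    unsigned declared_ifaces = buf[4];
    unsigned ifaces = 0, eps_total = 0, eps_seen = 0, eps_expected = 0;

    for (size_t off = buf[0]; off < total; ) {
        size_t remaining = total - off;
        if (remaining < 2) return CFG_BAD_LENGTH;       /* no room for a header */
        uint8_t blen = buf[off], type = buf[off + 1];
        /* blen == 0 would loop forever; blen > remaining would read past the end. */
        if (blen < 2 || blen > remaining) return CFG_BAD_LENGTH;

        if (type == DT_INTERFACE) {
            if (blen < INTERFACE_LEN) return CFG_BAD_LENGTH;
            if (eps_seen != eps_expected) return CFG_COUNT_MISMATCH;
            if (buf[off + 3] == 0) ifaces++;            /* count alt setting 0 only */
            eps_expected = buf[off + 4];                /* bNumEndpoints */
            eps_seen = 0;
        } else if (type == DT_ENDPOINT) {
            if (blen < ENDPOINT_LEN) return CFG_BAD_LENGTH;
            if (eps_seen >= eps_expected) return CFG_COUNT_MISMATCH;
            eps_seen++;
            eps_total++;
        }
        /* Class- and vendor-specific descriptors are skipped by checked length. */
        off += blen;
    }
    if (eps_seen != eps_expected || ifaces != declared_ifaces)
        return CFG_COUNT_MISMATCH;
    if (out) { out->interfaces = ifaces; out->endpoints = eps_total; }
    return CFG_OK;
}

/* Constructed sample: one interface with two bulk endpoints, 32 bytes total. */
static const uint8_t SAMPLE_CFG[32] = {
    0x09, 0x02, 0x20, 0x00, 0x01, 0x01, 0x00, 0x80, 0x32,  /* configuration */
    0x09, 0x04, 0x00, 0x00, 0x02, 0x08, 0x06, 0x50, 0x00,  /* interface 0   */
    0x07, 0x05, 0x81, 0x02, 0x00, 0x02, 0x00,              /* endpoint IN   */
    0x07, 0x05, 0x02, 0x02, 0x00, 0x02, 0x00               /* endpoint OUT  */
};

/* Validate a copy of the sample with one byte replaced by a bad value. */
enum cfg_status validate_with_byte(size_t index, uint8_t value)
{
    uint8_t copy[sizeof SAMPLE_CFG];
    memcpy(copy, SAMPLE_CFG, sizeof copy);
    if (index < sizeof copy) copy[index] = value;
    return validate_config(copy, sizeof copy, NULL);
}

int main(void)
{
    struct cfg_summary s = {0, 0};
    int st = (int)validate_config(SAMPLE_CFG, sizeof SAMPLE_CFG, &s);
    printf("sample: status %d, %u interface(s), %u endpoint(s)\n",
           st, s.interfaces, s.endpoints);
    printf("endpoint bLength = 0:    status %d\n", (int)validate_with_byte(18, 0x00));
    printf("endpoint bLength = 0x40: status %d\n", (int)validate_with_byte(25, 0x40));
    printf("wTotalLength = 0x0220:   status %d\n", (int)validate_with_byte(3, 0x02));
    return 0;
}
```
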
    • However, the flaw is with USB, not Windows,

      Blaming USB for a privilege escalation is like blaming Ethernet for someone 0wning your box.

  • Really, how serious a threat is this? If someone has unrestricted physical access to your machine then you're already in serious trouble. We all know how breakable the NTFS file encryption is, so if they really want to get at your files, they can just reboot into Fedora from a CD, or run any other tool that circumvents the encryption. If they just want to destroy data then you can put a hammer through the hard drive, and no OS can prevent that... So, I'm not saying that this vulnerability shouldn't be fixed
    • When the system boots from a CD you don't need such complicated methods.
      But of course a locked-down system won't boot from CD.
      • BIOS? No problem, pop the reset jumper on the motherboard, and all the BIOS settings, including password and boot restrictions, are gone. When someone has physical access, they can get root/admin, if given the time. Our UNIX admin always maintains this philosophy, that anyone who has access to our servers can get root on them. So our security is not designed to make that impossible, but to make it hard enough and watched enough that we notice when someone tries it, and can go and confront them.
        • Same with workstations: when someone opens the case and/or resets the BIOS settings you will get an alert and can go after it.
          Usually the problem is not that someone can get access to the system. You only want to protect against doing that without being detected.
    • Correction: There is ONE OS that can prevent you from gaining physical access to the machine. This os is HAL.

      Grump
    • Actually I was under the impression that NTFS encryption was unbroken. I think it uses strong encryption, and stores the keys in your account, encrypted with your password. I could be wrong, but I believe it's quite secure. This hack is about unlocking a workstation, not about breaking the file security.
      • Correct. If NTFS is unencrypted, the computer is easy to compromise - you can just boot from a tool CD and modify/insert usernames/passwords.

        However, if the system partition is actually encrypted, there is very little you can do without NSA-grade bruteforcing.
    • by MichaelSmith ( 789609 ) on Sunday July 24, 2005 @05:49AM (#13148717) Homepage Journal
      If someone has unrestricted physical access to your machine then you're already in serious trouble.

      How about this: I lend my usb key to you so that you can transfer a file. While connected to your system the usb device cracks the security on your windows box and grabs the information I was looking for.

      I don't need access to your system for that to work. I don't even have to know where it is. I have a usb key/mp3 player device which will let me reflash the firmware, so perhaps I could put the exploit in that way.

      • Just stick your usb into my infected computer and get your key infected too. This worked fine in pre-internet days with diskettes, so we'll see some new worms with this capability -- quite dangerous, because there are many networks that cannot upgrade their windows for various reasons like running legacy software but firewalled or simply disconnected from the internet.
    • by Scoria ( 264473 )
      Really, how serious a threat is this? If someone has unrestricted physical access to your machine then you're already in serious trouble.

      Surprise, it's just a little more sensationalism at eWeek. If this weren't somehow related to Microsoft Windows, then it might not have been given a front page reference here at Slashdot. Corporate espionage and cyberterrorism, oh my!

      Perhaps it's intended to evoke an image of a man standing at a workstation and inserting a USB device that automatically captures all of t
    • Really, how serious a threat is this? If someone has unrestricted physical access to your machine then you're already in serious trouble.

      Plugging in a USB device isn't unrestricted physical access. With USB memory sticks basically replacing floppy disks, this is a serious threat. Especially in places like universities that have fairly restricted workstations, messing around with a computer's case, or plugging into ethernet would be immediately obvious. Plugging in a USB device, getting administrator righ
    • Okay, how many of you are thinking of a modified USB device that in a ten-second transaction gains root access and installs some finely tuned malware (a keylogger, a packet sniffer, some "communications" software)?
      You'd slip it in, take it out, and wait for it to "phone home"-- or have it collect data silently until you attached a USB collection device.
      What are the vulnerabilities?
      A) public computers: not just university computer labs and libraries, but kiosks in shopping malls, airports, you name it. Look
    • We all know how breakable the NTFS file encryption is ...

      We do?

      ... so if they really want to get at your files, they can just reboot into Fedora from a CD, or run any other tool that circumvents the encryption ...

      Circumvents the encryption? Dear Lord, and how would that be done? Without a recovery key the data remains encrypted.

      does anyone else think Slashdot should have a special section for buffer overflows?

      No, but a section for grossly-uninformed comments would seem in order.
    • > If someone has unrestricted physical access to your machine then you're already in serious trouble.

      That's true, but what about if someone has *restricted* physical access. So they can bring their own data to work on but other than that only run the programs that you set with the privileges that you set. For starters, these USB drivers should be moved to user space. Indeed FUSE should help here for Linux.
  • by pH03n1X ( 859019 ) on Sunday July 24, 2005 @05:36AM (#13148675)
    'plug and play' hacking .....
  • Be Careful! (Score:4, Funny)

    by Neticulous ( 900423 ) on Sunday July 24, 2005 @05:39AM (#13148684)
    "What would be funny is if Vista had this bug when it shipped..." Hey there, this is microsoft, in order for us to not get sued we need you to use "Windows" in conjunction with the word "Vista". So please kindly edit your post, you wouldn't want us to get sued, would you? darling? sweety?
  • Not new idea (Score:5, Interesting)

    by makomk ( 752139 ) on Sunday July 24, 2005 @05:42AM (#13148692) Journal
    Oddly enough, this isn't a particularly new idea. The Xbox Linux project considered the possibility of using a specially-designed USB device to run code on the Xbox, though I don't think they managed to find a suitable vulnerability to exploit (unlike now). I wonder if this works for the Xbox, actually - it's Windows 2000 based IIRC...
  • by jiushao ( 898575 ) on Sunday July 24, 2005 @05:44AM (#13148695)
    This is just a report about the general issue that all USB drivers have to be secure or a hardware device can be made to exploit the machine. It is in no way about Windows, but actually about any operating system that implements USB.

    Sadly enough it is not at all surprising that Slashdot immediately goes for the anti-Windows slant rather than actually reading and comprehending the article and exploit in question. Too few actual exploits in Windows as of late to get up to the required quota perhaps?

    In a more direct comment about the "exploit" I don't consider it terribly important, hardware access leads to a lot of trivial exploits. This one can be made more user-friendly than most with appropriate hardware, but it is not really worse than just inserting a boot CD that copies the relevant data to a secure server or so. It can also of course easily be fixed by disallowing loading of USB drivers without confirmation from the user.

    • It is an article about an exploit in the Windows drivers for USB, the article itself is entitled "USB Devices Can Crack Windows". In fact I don't see any anti-windows slant in the slashdot summary other than a statement of the facts and a direct quotation of the article.

      As to the lack of actual exploits in Windows, perhaps you should read the news [google.com]. There's been *many* exploits that slashdot has simply ignored.

      For your third paragraph, you're full of shit and don't understand the exploit in question.
    • This is just a report about the general issue that all USB drivers have to be secure or a hardware device can be made to exploit the machine.

      There's many specifications (IPV4 springs to mind) that weren't designed with security in mind. It's the responsibility of the OS writers to design their OS to handle such insecurities. There's nothing in the USB specs that say that the OS must run the USB driver at ring 0.

      It is in no way about Windows, but actually about any operating system that implements USB
  • Scary. (Score:5, Insightful)

    by oberondarksoul ( 723118 ) on Sunday July 24, 2005 @05:45AM (#13148697) Homepage

    USB flash drives are already quite highly accepted amongst non-technical users; both my parents have bought pendrives, as have many of my friends. They're quite comfortable with just popping in the drive, waiting for the OS to see it, and grabbing files off it.

    So, what if someone handed them a pendrive and asked them to grab some files from it, and it turns out that this pendrive would cause an attack like this? One could be switched by a black-hat, or planted, or mailed... put simply, the attacker wouldn't need physical access, just access to someone who does.

    • How about if someone just hands them a pen drive and says "Double-click on the Readme.exe file"? Seems like a lot less work to me.

      • Not that I really disagree (I think this is all somewhat of a non-issue), but seeing how this is an error in a system software, exploiting a buffer overflow might lead to a security escalation, ie you might "get root". The user can only run an application within the context of his or her own account, barring other exploits anyway.
      • seems like writing an autorun.inf would be easier to me.. and telling them if it doesn't work to 'double click readme' because you know extensions are turned off by the desktop.ini you wrote for the pendrive..

      • Not exactly. The "readme.exe" attack can be mitigated by not running as root or Administrator. The USB attack grabs a driver, and so already has full kernel access.
    • Re:Scary. (Score:4, Insightful)

      by Rich0 ( 548339 ) on Sunday July 24, 2005 @07:31AM (#13148939) Homepage
      Better still - nice envelope with a letter on authentic-looking stationery and a USB drive inside.

      The letter says - dear information computing professional, MS would like you to test-drive our latest (insert name of fancy software package here). The enclosed demo will not interfere with any of your existing software, and as a thank-you for trying out our newest offering you can keep this handy 128MB USB drive. Feel free to pass along to your colleagues as well.

      At work we get demo CDs all the time for various expensive software applications. If you want to do some real industrial espionage send google a USB drive with the latest open source code-profiling tool, or Pfizer a flashy-looking clinical data analysis tool, or whatever.

      Do the whole thing in flash so that it looks like something as high-tech as what you'd see in star trek (it isn't like you actually have to write the algorithm - just an animation). It will get passed all over the place to countless managers. And in most companies you can't give a worker-bee access to a system without giving it to their manager, so you have countless management drones with access to systems they never even look at, but your newly-introduced worm can poke around freely...
      • The letter says - dear information computing professional, MS would like you to test-drive our latest (insert name of fancy software package here). The enclosed demo will not interfere with any of your existing software, and as a thank-you for trying out our newest offering you can keep this handy 128MB USB drive. Feel free to pass along to your colleagues as well.

        ...or you could save yourself a few bucks and ship them a trojanized binary on CD, if they're going to be running your code anyhow.

  • Ya, if you throw them hard enough XD
  • Firewire and Linux (Score:5, Informative)

    by wertarbyte ( 811674 ) on Sunday July 24, 2005 @05:46AM (#13148705) Homepage
    This reminds me of the vulnerabilities discovered in Linux (and other systems) concerning Firewire; since Firewire devices can read and write directly to the computer's memory, you can do some nasty stuff. The issues are documented on the website of the German CCC: http://www.ccc.de/congress/2004/fahrplan/event/14.de.html [www.ccc.de]
  • Buffer Overflows (Score:2, Interesting)

    by Jessta ( 666101 )
    How come these things still happen? Lazy programmers? Crappy x86 architecture? These self-created problems should still be around.
  • BIos option (Score:2, Interesting)

    by ObitMan ( 550793 )
    A BIOS option to disable USB would be nice, especially in an environment that doesn't need USB for anything.
    A lot of systems do not have the option.
    • Actually, every motherboard BIOS I've seen have the option to disable USB.

      And to just disable the 'front panel' easy access USBs, just yank the cables out of the motherboard :)
      • In addition to this, I don't see the problem in disabling the whole USB controller from an administrator account. What I wonder is if the Windows group policies for hardware setup could be used to stop this.
  • Problem is with USB? (Score:2, Interesting)

    by Spoukie ( 775267 )
    If the problem truly lies in the USB standard, wouldn't other operating systems that implement USB also be affected? "multi platform exploit" ... kinda makes you just wanna drop your other projects and get to coding that proof of concept doesn't it?
  • Trojan Flash (Score:3, Interesting)

    by putko ( 753330 ) on Sunday July 24, 2005 @06:21AM (#13148783) Homepage Journal
    So you could hack up USB device (e.g. a flash), send it to a company, and kaboom.

    Or leave a few lying around at Starbucks (like the exploding toy-like objects the Soviets dropped on Afghanistan).

  • Seems Fishy... (Score:4, Interesting)

    by verbatim_verbose ( 411803 ) on Sunday July 24, 2005 @06:27AM (#13148791)
    I really wouldn't give these guys the publicity at this point.

    They haven't explained what the problem really is, to us, or even filed a report with Microsoft.

    They also claim that any OS is vulnerable, though it's only been tested with Windows drivers.

    The whole thing just stinks of someone wanting publicity or setting up to try to sell some protection software.
  • Nothing new... (Score:2, Interesting)

    I've known that most any system that can boot from usb was vulnerable for at least a year now. I keep DSL [damnsmalllinux.org] on my thumbdrive and need to get it onto my ipod shuffle now too.
  • So, in theory, a virus or a backdoor could be installed via hardware? Plug in your new USB mouse and your system is compromised... nice one.
  • The article does make an excellent point: any hot-pluggable device (USB, Firewire, PCMCIA, etc) is a potential attack vector if it is possible for a malicious device to exploit vulnerabilities in the host operating system's drivers. An attacker could exploit this weakness to extract data from a locked workstation without leaving any obvious evidence.

    That said, any buffer-overflow vulnerabilities in the USB/Firewire/PCMCIA/whatever drivers are problems with the operating system itself.

    I can't wait to see a

  • by Lumpy ( 12016 )
    a usb dongle with a knoppix on it, a knoppix CD, a linux boot floppy, dude, if I have physical access to your machine I don't care what the OS is doing, the data inside is fracking mine.

    hell I have a linux laptop and a usb-IDE cable. I'll simply pry open the case, pop the cable off your drive, put it on the USB device and then dump the data off to my laptop if all other attacks fail.

    the ONLY way to protect your data is to have it encrypted on the drive. those encryption sleds for hard drives are a good sta
  • ummm. (Score:3, Informative)

    by jav1231 ( 539129 ) on Sunday July 24, 2005 @07:07AM (#13148873)
    If you get close enough to plug in a USB device, you're close enough to boot it to a crack CD and a) wipe the system b) blank the admin password c) take all the data (and copy it to a USB device).
    • Unless the system doesn't boot from CD by default (like all the computers where I work) and you need a BIOS password to change the option (like all the computers where I work) and the case is locked so it isn't easy to reset the bios (like all the computers where I work).

      So, how would you boot from CD now?
  • This is not true unless you let users install drivers themselves. Any reasonable administrator has already blocked this in their default windows installation!
  • now i can convince my wife she can be a hacker too

    me: "yes honey....just plug this device over here.....yup..u just hacked the system...congrats"
    she: "this is l33t"
  • It seems obvious that this can affect any OS, and is due to the poor design of USB- If a device posts a number, then the system assumes it's such-and-such, and loads the driver. Which probably has bugs. So, how do We (that is Open Source system developers) deal with this?
    Of course 1. is to make sure that all drivers in our trees have no overflow bugs. Or any others, of course. This takes work, but we now know that it is needed. You cannot trust any info that a USB device gives us. Shoulda known.
    Of course, s
  • Let's see... You have physical access to the machine and you can exploit it.. Wow. that's really news. *yawn*
  • Original URL:
    http://www.theregister.co.uk/2005/05/27/device_driver_flaws/ [theregister.co.uk] Device drivers filled with flaws
    By Robert Lemos, SecurityFocus (tips at securityfocus.com)
    Published Friday 27th May 2005 13:48 GMT

    The uneven skills of driver programmers have left a legion of holes in software that ships with Windows and Linux, security experts say.

    Operating system vendors and hardware makers should commit more resources toward systematically auditing Windows and Linux device-driver code for flaws, security
  • by Anonymous Coward
    First and foremost, the guy says he has NOT notified Microsoft, but then goes on later to say:

    "I was really looking to them to address this issue, but Microsoft feels that this is a hardware issue and doesn't see it as a problem," he said.

    Which one is it, you told them or you didn't?

    Then he goes really REALLY far out of his way not to mention which driver is supposedly exploitable... is it a driver HE wrote?!

    I'm giving this 95% that it's a driver HE wrote and installed to exploit ring 0 access, not an exp
  • While there is obviously an issue in that drivers, (particularly automatically loaded ones such as Firewire and USB), have not undergone the security scrutiny that network software has, this is most certainly a PR article. There isn't a link to a technical description of the problem anyway, but the second half of the article is dedicated to vendor solutions. This article was instigated by a PR firm, not by normal media services. I wish I was going to blackhat though. After SANS I could only get work t
  • This reminds me of when I bought a new MIDI controller with USB, and plugged it into my Windows 2000 machine and it just simply BSOD'd...

    I couldn't believe it, just like that, BANG reset. Found it was a "known problem", so I followed the instructions on the M-Audio website, to the letter. Tried it again, still BSOD'd. To this day I can't use my USB MIDI controller in Windows 2000. Fortunately I use it mostly in Linux, where it works just fine.

    (For the record, it does work under Windows XP)
  • This would be even more effective than the jpg exploit. And how many of those vulnerable web cams use USB? Talk about hacking the planet.
  • A lot of you are missing the point. A "locked down" machine may not have physical access. There are circumstances where the machine itself IS locked down, by virtue of security cameras, monitoring equipment, or simply not having the physical box in the vicinity.

    However, this USB exploit lets anybody defeat all that with just plugging in a USB device. This should be fixed. It is serious IN SOME CIRCUMSTANCES.
