Language Selection

English French German Italian Portuguese Spanish

USB devices offer an old-school way to steal data

Filed under
Security

We've heard a lot recently about data thieves stealing personal data, especially credit card and social security information, through phishing scams and keystroke-logging Trojan horses sent anonymously over the Internet. So it doesn't surprise me that criminal hackers are turning their attention away from the comforts of the Internet and going old school, once again physically infecting target computers by hand. Their method? How about a hardware-based Trojan horse using USB ports?

Plug and root

In a Black Hat talk entitled 'Plug and root: the USB key to the kingdom', researchers Darrin Barrall and David Dewey, both of SPI Dynamics, a security firm, outlined two flaws they found in the way Windows XP drivers handle Universal Serial Bus (USB) devices. The researchers said in July 2005 that both vulnerabilities had been disclosed to Microsoft, but the software giant didn't include patches in its August 2005 security update. The researchers found fault with the way Windows XP drivers handle USB autorun and USB raw sockets.

Full Story.

More in Tux Machines

Vector Linux 7.1 Light

If you find yourself needing a new firefox but your computer and glibc is too old, Vector Linux 7.1 light will fit the bill. People who are more comfortable with a SysV style init over systemd will breathe a sign of relief. All in all VL 7.1 is a viable choice for users who wish to continue using their older computers with a modern web browser. Read more

Ubuntu Touch OTA-9.5 Hotfix on Its Way to Fix the Big Mir Issue on Ubuntu Phones

Canonical's Łukasz Zemczak today informs us that the Ubuntu Touch development team is considering and preparing to release the promised OTA-9.5 hotfix to Ubuntu Phones users to fix the big Mir issue that made users' smartphone unstable. Read more

Open Source Desktop: Good News and Bad News

The good news is that open source has become the leader on the desktop. The bad news is that a single desktop is not the leader, and that leadership on the desktop may no longer matter. Obviously, the first statement needs qualifications. It clearly does not refer to the number of users, since officially Linux has yet to break 2%, although, depending on your logic, the actual figure might be several times higher. Read more

KDE Applications 16.04 Release Schedule

The release schedule for the upcoming KDE Applications 16.04 bundle has been firmed up. The approved release schedule puts the KDE Applications 16.04 release on 20 April, while leading up to that is the dependency freeze on 16 March, the 16.04 freeze and beta release on 23 March, and the release candidate on 6 April. Read more