Language Selection

English French German Italian Portuguese Spanish

USB devices offer an old-school way to steal data

Filed under
Security

We've heard a lot recently about data thieves stealing personal data, especially credit card and social security information, through phishing scams and keystroke-logging Trojan horses sent anonymously over the Internet. So it doesn't surprise me that criminal hackers are turning their attention away from the comforts of the Internet and going old school, once again physically infecting target computers by hand. Their method? How about a hardware-based Trojan horse using USB ports?

Plug and root

In a Black Hat talk entitled 'Plug and root: the USB key to the kingdom', researchers Darrin Barrall and David Dewey, both of SPI Dynamics, a security firm, outlined two flaws they found in the way Windows XP drivers handle Universal Serial Bus (USB) devices. The researchers said in July 2005 that both vulnerabilities had been disclosed to Microsoft, but the software giant didn't include patches in its August 2005 security update. The researchers found fault with the way Windows XP drivers handle USB autorun and USB raw sockets.

Full Story.

More in Tux Machines

Debian and Ubuntu Leftovers

  • MiniDebConf Prishtina 2017
    On 7th of October in Prishtina, Kosova’s capital, was hosted the first mini deb conference. The MiniDebConf Prishtina was an event open to everyone, regardless of their level of knowledge about Debian or other free and open source projects. At MiniDebConf Prishtina there were organized a range of topics incidental to Debian and free software, including any free software project, Outreachy internship, privacy, security, digital rights and diversity in IT.
  • No more no surprises
    Debian has generally always had, as a rule, “sane defaults” and “no surprises”. This was completely shattered for me when Vim decided to hijack the mouse from my terminal and break all copy/paste functionality. This has occured since the release of Debian 9.
  • Debian Security Advisory 3999-1
    Debian Linux Security Advisory 3999-1 - Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol, used for authentication in wireless networks. Those vulnerabilities applies to both the access point (implemented in hostapd) and the station (implemented in wpa_supplicant).
  • LXD Weekly Status #19
    This past week, part of the team was back in New York for more planning meetings, getting the details of the next 6 months, including LXC, LXD and LXCFS 3.0 fleshed out.

Software and howtos

  • wikipedia2text – A Command Line Tool For Querying The Wikipedia Article
    Hi folks am back with another interesting topic called wikipedia2text. It’s a small Shell script to query the Wikipedia articles in console, also it can open the article in any browser. This shell script uses text-browser to query and render Wikipedia articles. The output will be printed to standard out. It Currently supports around 30 Wikipedia languages. Most of us prefer Wikipedia to know the detailed information about any company or any product information & it’s history. For any google search by default Wikipedia link comes in Top 5.
  • Yay! I Found Yet Another Reliable AUR Helper
    Howdy Arch Users! I’ve got a good news for you. Today, I stumbled upon yet another reliable AUR helper called “Yay”. Yep! the name of this AUR helper is Yay. Currently, I use Pacaur for installing AUR packages. It does great job and I really like it. I also have used other AUR helpers such as Packer and Yaourt in the past. After reading its features, I thought to give “Yay” a try and see how things works. So, here we go!
  •  
  • mount.nfs: requested NFS version or transport protocol is not supported
  • How to Deploy Clojure Web Application on Debian 9
  • Copr stack dockerized!
  • Using Dell Dock With Ubuntu
    Over the years I have found my way around many minor hurdles when using Ubuntu, the most recent being Using the DELL ULTRAHD 4K USB 3.0 DOCKING STATION (D3100).

GNU/Linux Desktops/Laptops and Devices

OSS Leftovers