Language Selection

English French German Italian Portuguese Spanish

USB devices offer an old-school way to steal data

Filed under
Security

We've heard a lot recently about data thieves stealing personal data, especially credit card and social security information, through phishing scams and keystroke-logging Trojan horses sent anonymously over the Internet. So it doesn't surprise me that criminal hackers are turning their attention away from the comforts of the Internet and going old school, once again physically infecting target computers by hand. Their method? How about a hardware-based Trojan horse using USB ports?

Plug and root

In a Black Hat talk entitled 'Plug and root: the USB key to the kingdom', researchers Darrin Barrall and David Dewey, both of SPI Dynamics, a security firm, outlined two flaws they found in the way Windows XP drivers handle Universal Serial Bus (USB) devices. The researchers said in July 2005 that both vulnerabilities had been disclosed to Microsoft, but the software giant didn't include patches in its August 2005 security update. The researchers found fault with the way Windows XP drivers handle USB autorun and USB raw sockets.

Full Story.

More in Tux Machines

More Security Leftovers

Linux Foundation and Free Software Foundation Europe

Lessons learned from the failure of Ubuntu Touch

With the death of yet another open source/free software/Linux-based mobile platform, Ubuntu Touch, clearly it is time for us to sit down and have a frank discussion about what we in the free software world can reasonably accomplish in a mobile platform. One of the biggest issues—if not THE biggest issue—with Ubuntu Touch was that it simply had goals that were far too aggressive to reasonably achieve. It suffered from the all-too-common malady known in software development as feature creep. Read more

City Cloud gets Ubuntu Certified

European Infrastructure as a Service (IaaS) provider City Network, has joined the Ubuntu Certified Public Cloud (CPC) programme. This is the second very big European win for Ubuntu after it signed up OVH earlier this month. As an Ubuntu CPC partner, City Cloud will no longer need to create, curate, patch and maintain Ubuntu images. This will all be done by Ubuntu who will then provide them to City Network. Read more