Language Selection

English French German Italian Portuguese Spanish

USB devices offer an old-school way to steal data

Filed under
Security

We've heard a lot recently about data thieves stealing personal data, especially credit card and social security information, through phishing scams and keystroke-logging Trojan horses sent anonymously over the Internet. So it doesn't surprise me that criminal hackers are turning their attention away from the comforts of the Internet and going old school, once again physically infecting target computers by hand. Their method? How about a hardware-based Trojan horse using USB ports?

Plug and root

In a Black Hat talk entitled 'Plug and root: the USB key to the kingdom', researchers Darrin Barrall and David Dewey, both of SPI Dynamics, a security firm, outlined two flaws they found in the way Windows XP drivers handle Universal Serial Bus (USB) devices. The researchers said in July 2005 that both vulnerabilities had been disclosed to Microsoft, but the software giant didn't include patches in its August 2005 security update. The researchers found fault with the way Windows XP drivers handle USB autorun and USB raw sockets.

Full Story.

More in Tux Machines

Elementary OS’s Pantheon Desktop May Become Available On Fedora Systems, Starting With Fedora 22

The Fedora developers are thinking at porting Elementary OS’s Pantheon Desktop to Fedora. If this happens, Pantheon will be available via the default repositories of Fedora, starting with Fedora 22, which will be released next year. Read more

Docker in Production — What We’ve Learned Launching Over 300 Million Containers

Earlier this year, we made a decision to run every task on IronWorker inside its own Docker container. Since then, we've run over 300,000,000 programs inside of their own private Docker containers on cloud infrastructure. Now that we’ve been in production for several months, we wanted to take the opportunity to share with the community some of the challenges we faced in running a Docker-based infrastructure, how we overcame them, and why it was worth it. Read more

Review: Scientific Linux 7.0 GNOME

It has been a while since I have done a review (almost 3 months, in fact). It has been significantly longer since I have looked at Scientific Linux (over 3 years, in fact). Given that, I figured it might be worthwhile to make this review about Scientific Linux 7.0. I'm just glad that I did it before the time elapsed for something else to come up (around 3 minutes, in fact — OK, I just made that one up to match the other statements). Read more

Free software hacker on open source telemetry project for OpenStack

Julien Danjou is a free software hacker almost all of the time. At his day job, he hacks on OpenStack for eNovance. And, in his free time, he hacks on free software projects like Debian, Hy, and awesome. Julien has also written The Hacker's Guide to Python and given talks on OpenStack and the Ceilometer project, among other things. Prior to his talk at OpenStack Summit 2014 in Paris this year, we interviewed him about his current work and got some great insight into the work going on for the Ceilometer project, the open source telemetry project for OpenStack. Read more