if putting a USB stick into a computer is a security risk then this is a failure of the people designing the computer's operating system, not the people putting in a USB stick.
-
Show this thread
-
exchanging files with a usb stick is a normal everyday task. clicking on things is a normal everyday taks. opening mail attachments is a normal everyday task. systems that make normal everyday tasks dangerous are badly designed.
10 replies 106 retweets 240 likesShow this thread -
This Tweet is unavailable.
-
sure. but you don't need the 0day, because "emulate a keyboard, type in some commands that download a malware and execute it" works. if we can elevate it to "you need an 0day" that'd be progress.
1 reply 1 retweet 23 likes -
Replying to @hanno
other than that yeah we should run fuzzers on filesystems and particularly external device drivers. some work on that has been done on Linux.
1 reply 0 retweets 7 likes -
Replying to @hanno
Indeed. Linux, Windows, macOS, FreeBSD, OpenBSD, etc. are all vulnerable to trivially-corrupted filesystems. Most desktop environments auto-mount filesystems on devices that are plugged in (or otherwise attached).https://www.youtube.com/watch?v=r3MeifE2oFw&t=21s …
3 replies 0 retweets 4 likes -
This Tweet is unavailable.
A write-up is in the works, but not public yet. I'm trying to give the affected vendors a chance to decide whether to fix what I've reported.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.