Re: Re: You find a USB stick on the ground in public, what do you do?
By: fusion to Nelgin on Mon Sep 18 2023 23:48:00
fu> there's lots of creepy stuff that maybe hasn't been done yet.. for example
fu> a usb-c device that pretended to be a monitor could be fed everything you
fu> do.. assuming you managed to put the pc into 'mirror mode' .. something
fu> you might be able to automate by also making the usb stick include a
fu> keyboard/mouse controller.. at that point you could probably create
fu> something to remotely control the computer too. a non-savvy user might
fu> choose mirror mode on their own just to avoid losing windows to the
fu> invisible desktop lol
There's lots of creepy stuff that *has* been done. You can do an HID as well as
small storage and even a wireless network adapter. If the device being plugged
into is unlocked, and you know the OS in question, there's quite a bit you can
do.
For a system I had concerns about, I actually wanted to have a second sealed sys
tem with only a serial interface externally with a write-only log to at least tr
ack any potential security issues... But, what could go wrong with systems runn
ing windows, software that has plain text database passwords available to non-ad
min accounts and ballot PDF files that aren't even cryptographically signed. An
d so what if these systems were actually deployed on systems that aren't the sys
tems tested on... and no big deal if configurations were changed the night befor
e and morning of the election...
"Most secure election in US history."
--
Michael J. Ryan
+o roughneckbbs.com
tracker1@roughneckbbs.com
---
■ Synchronet ■ Roughneck BBS - roughneckbbs.com
|
