Linked by Thom Holwerda on Sat 23rd Jul 2005 16:54 UTC
Privacy, Security, Encryption Vulnerabilities in USB drivers for Windows could allow an attacker to take control of locked workstations using a specially programmed Universal Serial Bus device, according to an executive from SPI Dynamics, which discovered the security hole. However, SPI tested attacks on Windows systems, but any operating system that is USB-compliant is probably vulnerable.
Permalink for comment 8684
To read all comments associated with this story, please click here.
READ THE ARTICLE PEOPLE
by deathshadow on Mon 25th Jul 2005 14:18 UTC
deathshadow
Member since:
2005-07-12

>>However, the flaw is with USB, not Windows, said David Dewey, a research engineer at SPI. Standards developed by the USB Implementers Forum Inc., the nonprofit corporation that governs USB, don't consider security, he said.

This pretty much means the security flaw is NOT in the OS, but in the USB specification itself... If the flaw is in the device specification any driver that complies with the specs is likely to have the vulnerability...

At least that's how I read it. Considering this involves someone walking up and physically plugging in a device, this is no different than floppy, zip or CD vulnerabilities... In other words no threat unless you are a total idiot.

Reply Score: 1