@foone the whole unfixably fucked security is something @stman and I discussed at length.

  • We came to the conclusion that using PS/2 ports and having a fully-transparent keyboard in a clear, sealed case with reference images is the only option.

#USB is unfixably broken as it inherently does neither #authentification (#BIOS & #UEFI filter only by #HID class drivers if they can do so at all!) nor proper integrity checking nor any #Security whatsoever.

  • Most enterprises and organizations that I know who do care about this literally hardwire systems, put them in locked cabinets, use #PS2 HIDs, disable #USB controllers and set ports and headers in resin...

I mean, as soon as you got a #PwnPi or #PoisonTap at your hand, it's game over...
https://www.youtube.com/watch?v=Aatp5gCskvk

PoisonTap - exploiting locked machines w/Raspberry Pi Zero


@BrodieOnLinux So I guess I've to blame #Linux distros like @ubuntu that don't offer that in their settings...

Needless to say, USB-IDs are trivial to copy and clone, so that won't stop anything from like #PwnPi ALOA from working because there isn't any form of authentication or (integrity) checks or encryption whatsoever on #USB...

https://github.com/greyhat-academy/lists.d/blob/main/usb.devices.list.tsv

@porkroll Because there is no rational reason they can't deploy #PDFarranger via #SCCM or whatever crutch their #MSP uses [because #Windows doesn't have any good #PackageManager whatsoever]...

It sounds more like #SecurityTheater and I'm convinced that it's trivial to #BadUSB their systems since one can configure the USB-IDs and functionality of tools like the #PwnPi / #PwnPiALOA...
The Pocket Pentesting Platform | P4wnp1 OLED Display


@crypto_gnu yeah... That may be the issue...

It's like with the #PwnPi / #PwnPiALOA and #Floppinux...

Both had their releases scrapped from their project sites...