Brodie Robertson
How many hacking movies would be over before they started if the admin just enabled usb authorization
Mar 25, 2024 at 5:00amWeb
Show threadKevin Karhan Mar 25, 2024

@BrodieOnLinux You know that aside from very, very few business devices one.can't even configure this at all?

Like I know that Thin Clients and ThinkPads allow kilking all ISB in the UEFI but normal.consumer systems jist don't allow that!

Show threadBrodie RobertsonMar 25, 2024
@kkarhan For 5 years there's been kernel usb authorization and we also have user space policy solutions like USBGuard
Show threadKevin Karhan Mar 25, 2024

@BrodieOnLinux So I guess I've to blame #Linux distros like @ubuntu that don't offer that in their settings...

Needless to say USB-IDs are trivial to copy and clone so that won't stop anything from like #PwnPi ALOA from working because there isn't any form of authentification or (integirty) checks or encryption whatsoever on #USB...

https://github.com/greyhat-academy/lists.d/blob/main/usb.devices.list.tsv

lists.d/usb.devices.list.tsv at main · greyhat-academy/lists.d

List of useful things. Contribute to greyhat-academy/lists.d development by creating an account on GitHub.

GitHub
Show threadJesse Mar 25, 2024
@BrodieOnLinux most hacking movies would be over before they started because the hacking is always impossible gobbledegook that sounds cool

like look at this ridiculous shit https://www.youtube.com/watch?v=u8qgehH3kEQ

guy at the end literally just unplugs the monitor i cant do it anymore
NCIS 2 IDIOTS 1 KEYBOARD

YouTube
Show threadBrodie RobertsonMar 25, 2024
@jessew That's such a dumb scene
Show threadJesse Mar 25, 2024
@BrodieOnLinux there's always worse

https://www.youtube.com/watch?v=rkx6Lz6rDNc

"hacked by a power cable" sounds like a video thumbnail with one of your facepalm photos like this one
NCIS: Getting hacked through a power cable

YouTube
Show threadBrodie RobertsonMar 25, 2024
@jessew So a wireless mouse works through a faraday cage but somehow the device can't access your network, I buy that for sure
Show threadOkkiMar 25, 2024

@BrodieOnLinux

In 2018 there was a #GNOME project to strengthen security with regard to USB, but I have the impression that nothing came of it in the end 🤔

https://wiki.gnome.org/Internships/2018/Projects/USB-Protection

Internships/2018/Projects/USB-Protection - GNOME Wiki!

Show threadBrodie RobertsonMar 25, 2024
@gnomelibre It's been there for a long time, most distros just don't setup USBGuard
Show threadOkkiMar 25, 2024

@BrodieOnLinux

Now that GNOME has a Device Security control panel with a list of security events, it would have been nice to be able to control #USBGuard from Settings and have quick and easy access to the latest events…

If it had been a suggested dependency of #GNOME and #KDE, USBGuard would have been present on most distributions a long time ago 🤔

Show threadKevin Karhan Mar 30, 2024
@BrodieOnLinux @gnomelibre do you know any distro that does?
Show threadMackajMar 25, 2024

@BrodieOnLinux

They'd just fall back to guessing the password after 5 tries by listing the names of the target's pets and children.

Show threadTukanDevMar 25, 2024
@BrodieOnLinux The scenes would just fallback to hackers sending encrypted nuclear launch code packets by sticking usb into ethernet port and somehow the target pc would understand how to decrypt and give access to mainframe.
Show threadNeil E. HodgesMar 30, 2024
@BrodieOnLinux Automounting is a scam. :P