Subj : Re: You find a USB stick on the ground in public, what do you do?

Subj : Re: You find a USB stick on the ground in public, what do you do?
To : fusion
From : Tracker1
Date : Sun Oct 01 2023 04:23 pm

Re: Re: You find a USB stick on the ground in public, what do you do?
By: fusion to Nelgin on Mon Sep 18 2023 23:48:00

fu> there's lots of creepy stuff that maybe hasn't been done yet.. for example
fu> a usb-c device that pretended to be a monitor could be fed everything you
fu> do.. assuming you managed to put the pc into 'mirror mode' .. something
fu> you might be able to automate by also making the usb stick include a
fu> keyboard/mouse controller.. at that point you could probably create
fu> something to remotely control the computer too. a non-savvy user might
fu> choose mirror mode on their own just to avoid losing windows to the
fu> invisible desktop lol

There's lots of creepy stuff that *has* been done. You can do an HID as well as small storage and even a wireless network adapter. If the device being plugged into is unlocked, and you know the OS in question, there's quite a bit you can do.

For a system I had concerns about, I actually wanted to have a second sealed system with only a serial interface externally with a write-only log to at least track any potential security issues... But, what could go wrong with systems running windows, software that has plain text database passwords available to non-admin accounts and ballot PDF files that aren't even cryptographically signed. And so what if these systems were actually deployed on systems that aren't the systems tested on... and no big deal if configurations were changed the night before and morning of the election...

"Most secure election in US history."

--
Michael J. Ryan
+o roughneckbbs.com
[email protected]

---
� Synchronet � Roughneck BBS - roughneckbbs.com