Home page logo

oss-sec logo oss-sec mailing list archives

Re: Malicious devices & vulnerabilties
From: Eugene Teo <eugene () redhat com>
Date: Mon, 09 Jan 2012 03:48:20 +0800

On 01/08/2012 07:19 PM, Florian Weimer wrote:
* Xi Wang:

I am wondering where to draw the line.  Should such device drivers
be considered vulnerable or not?  Thanks.

I think they should be considered vulnerable.  Some applications need
some robustness to attacks even from the local console (e.g., student
computer rooms).

USB is also a popular transport in many air-gapped environments.

I would consider them vulnerable with low security impacts. If you are
fixing such issues, do post them to the list.

Thanks, Eugene

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]