chrome and leather usb flash drive, centon makes them..

yes, your OHCI usb host controller can perform dma transfers. no, this doesn’t mean that a usb *device* has the ability to initiate a transfer to an arbitrary address.

yes, a usb device driver could have a buffer overflow. this has everything to do with buggy drivers and nothing to do with usb in general.

yes, you can put an autorun on a usb-mounted filesystem, and if you’re running a stupid os, it might run that. no, this is not news.

yes, cardbus cards are effectively PCI cards and can perform arbitrary bus transactions. yes, this is interesting and can probably be used to bypass OS security.

one out of four is pretty pathetic, for someone who’s claiming to be some sort of security expert.

On the other side, Maximillian Dornself does do what he sais (do direct DMA access from an iPod using firewire). Unless there is a bug in the USB drivers (like buffer overflow or something), it’s not feasable using the straight USB protocol, however, firewire protocol does include DMA (and that’s the problem)

huh?

Thats what I do at my school, except I put everything hidden away on a shared network drive.

hrm, this looks like it could execute code autonomously… down right blow the computer up if it had too… fun stuff.

You have all this security in mind, but what happens if they use remote desktop or VNC or in read only mode and just watch you open things?

Don’t ever assume what you are doing at work is secure from your employers. They could wait till you are gone and dump the memory and virtual memory. They can take periodic screenshots.

#3 hit this right on. If someone is close enough to use a hacked USB keychain or plant one on an unsuspecting employee, then you have a personnel or physical security issue, not a software/hardware issue.

The camels are mine suckers!