			Comments
- kiki (37484, 146d): btw, if the name "Samy Kamkar" does ring a bell, you're not tripping: he was behind that famous MySpace exploit that made people's browsers add Samy as a friend, making him the person with the most MySpace friends in no time.
- antigermanist (1744, 146d): @kiki if somebody manages to enter my home to plug something on the desktop I have other issues.
 
 Like home invasion
- kiki (37484, 146d): @iiii you're working in a coworking space. You want to go to the bathroom, so you lock your laptop and go. You know it's locked, so no one can access it. In the meantime, I connect to your USB, wait 30 seconds and disconnect. You never notice.
- 12bitfloat (10814, 146d): Good ole Samy. As long as he doesn't get his computer taken away for 8 years again!
- kiki (37484, 146d): @12bitfloat he also made a drone that automatically approaches other drones, hacks them and builds an army of drones for you
- kiki (37484, 146d): @antigermanist if someone came to you there and inserted a USB stick into your laptop, your brain would've probably erased the memory of that because of how unusual it was and how much processing power was needed to process it correctly. Are you sure no one attacked your laptop like this ever?
- kiki (37484, 146d): @iiii no one is rational 100% of the time. I can totally see people who frequent their favorite coworking space get used to the convenience of leaving their locked laptop on their table while they go to the bathroom, and forget that it's a public space.
 
 Why not prevent the issue once and for all by installing usbguard? It's free and open source.
- antigermanist (1744, 146d): @kiki no but one time some homeless guy on crack offered me a blowjob and tried to stab me when I said no thanks.
 
 And yes I am that polite
- NoToJavaScript (4503, 146d): Nothing new here ;p You should look in leaked doc from CIA.
 
 They can do SAME THING but with TVs lol ! Insane the doc ! (I don't have a link unfortunately).
- CoreFusionX (3544, 146d): People already said it, and I already updooted, but just to reiterate...
 
 If someone already has physical access to your computer, you have bigger problems at hand.
 
 And like, don't hit me with the usual shit.
 
 If you work IT, your computer is your tool.
 
 No one, much less blue collar workers, leaves their tools unattended.
 
 You don't do it either, and problem solved.
 
 I know I never let my laptop outta my sight, and nothing of the sort has happened in 7 years.
- NoToJavaScript (4503, 146d): @CoreFusionX I agree. For most people on this website :)
 
 But I have seen plenty of times where people at work go for lunch without even locking their screens. It's a paid job for them, and they don't care if company data gets stolen. They think it's the company's responsibility to "protect" them.
 
 That's why disabling all USB ports, except for specific device IDs for keyboards and mice, should be mandatory in all workplaces!
 
 People (e.g., those working in accounting, sales, planning, etc.) don't care about these things. For them, a laptop is NOT a tool; it's an annoyance they are forced to use.
 
 It will be radically different for dev teams, sys admin teams, or other technical teams.
- devJs (1621, 146d): Dude, I have issues when plugging in any device to USB, Linux just doesn't want to recognize it at all, no matter if it is locked or unlocked!
 
 Fuck you Samy!
- hjk1015569 (140d): Presenting as NIC, sure, I can see that, however remain active when unplugged? How would it do that?

Your computer is probably vulnerable to Samy Kamkar's PoisonTap: a Pi Zero-based device that connects to USB and does the following:
- emulates an Ethernet device over USB (or Thunderbolt)
- hijacks all Internet traffic from the machine (despite being a low priority/unknown network interface)
- siphons and stores HTTP cookies and sessions from the web browser for the Alexa top 1,000,000 websites
- exposes the internal router to the attacker, making it accessible remotely via outbound WebSocket and DNS rebinding
- installs a persistent web-based backdoor in HTTP cache for hundreds of thousands of domains and common JavaScript CDN URLs, all with access to the user's cookies via cache poisoning
- allows attacker to remotely force the user to make HTTP requests and proxy back responses (GET & POSTs) with the user's cookies on any backdoored domain
- does not require the machine to be unlocked
- backdoors and remote access persist even after device is removed and attacker sashays away
I need several minutes with your laptop to perform the hack, even if it's locked. Full-disk encryption and secure boot won't save you.
If you use GNU/Linux, install usbguard today. If you use macOS/Windows, idk, pray.
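
The first bullet above (a USB device presenting itself as an Ethernet adapter) is something a defender can audit for. The following is an added example, not part of the original post and not code from PoisonTap or USBGuard: it reads the interface class triplets Linux exposes in sysfs and reports any attached USB device that declares a network function. The function names and the `SAMPLE` data are constructed for illustration.

```python
from pathlib import Path

# USB interface triplets (class, subclass, protocol; hex) that make the host
# create a network adapter. A protocol of None matches any protocol.
NETWORK_TRIPLETS = {
    ("02", "06", None): "CDC Ethernet (ECM)",
    ("02", "0c", None): "CDC Ethernet Emulation (EEM)",
    ("02", "0d", None): "CDC Network Control (NCM)",
    ("e0", "01", "03"): "RNDIS",
    ("ef", "04", "01"): "RNDIS over Ethernet",
}

def classify(cls, sub, proto):
    """Return the network function name for one interface, or None."""
    for (c, s, p), name in NETWORK_TRIPLETS.items():
        if (cls, sub) == (c, s) and p in (None, proto):
            return name
    return None

def read_sysfs(root="/sys/bus/usb/devices"):
    """Yield (device, class, subclass, protocol) per interface from Linux sysfs."""
    for iface in sorted(Path(root).glob("*:*")):
        try:
            cls, sub, proto = ((iface / attr).read_text().strip().lower() for attr in
                               ("bInterfaceClass", "bInterfaceSubClass", "bInterfaceProtocol"))
        except OSError:
            continue  # interface vanished mid-scan or attribute unreadable
        yield iface.name.split(":")[0], cls, sub, proto

def network_gadgets(interfaces):
    """Map device -> list of network functions it exposes."""
    found = {}
    for dev, cls, sub, proto in interfaces:
        kind = classify(cls, sub, proto)
        if kind:
            found.setdefault(dev, []).append(kind)
    return found

# Constructed sample: a keyboard, a flash drive, and a device exposing ECM + CDC data.
SAMPLE = [
    ("1-1", "03", "01", "01"),
    ("1-2", "08", "06", "50"),
    ("1-3", "02", "06", "00"),
    ("1-3", "0a", "00", "00"),
]

if __name__ == "__main__":
    print("sample:", network_gadgets(SAMPLE))
    print("live:  ", network_gadgets(read_sysfs()))
```

The same class:subclass:protocol triplets are what USBGuard's `with-interface` rule attribute matches on, so a device flagged here is one a keyboard-and-mouse-only policy would refuse.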