Holy fucking shit! Why nobody here is talking about Samy Kamkar's PoisonTap?
>>57545472
Context?
>>57545472
http://arstechnica.com/security/2016/11/meet-poisontap-the-5-tool-that-ransacks-password-protected-computers/
>>57545472
Which website which isn't using HTTPS has cookies which are valuable for an attacker?
Also it needs physical access. You can do all kind of shit to a usual PC when you have physical access to it.
>>57545614
What else you can do with a locked up PC with physical access to it?
>>57545472
This thing is only really useful if you want to install shady stuff in a workplace or on a computer of a friend. It's still a vulnerability but not really a huge deal.
>>57545653
Depends on the PC/Notebook, how it is secured physically, which interfaces it has, which software it's running.
When the PC or Notebook has any open accessible interfaces with DMA you can basically do anything. If you don't care to restart the device and it's not encrypted (normal user passwords doesn't matter) you can also do almost anything.
>>57545681
It's not even about installing stuff it's just about sniffing the unencrypted network traffic and getting the cookies of unencrypted websites.
>>57545681
It pretends to be an ethernet device.
Isn't any different from any other MITM attack. The bullshit about stealing passwords is bullshit.
So no, it really isn't useful.
>OP losing his shit over a tool that can be written in 20 minutes
lmao
>>57545708
>OP losing his shit
Not really.
>over a tool that can be written in 20 minutes
It's already written and available on the net.
>>57545786
>Not really
>Holy fucking shit!
Was it autism?
>>57545818
Looks like autism to me. You can't even interprete.
my group policy settings prevent arbitrary USB device installation and my cache clears itself on a very short interval
wew spooky exploit im very scared ^~^
>>57545653
Dump RAM and you win, even if the disk is encrypted.
```
/sbin/iptables -t nat -A PREROUTING -i usb0 -p tcp --dport 80 -j REDIRECT --to-port 1337
```
lol his code is kinda funny
1337 xD
>>57546358
I'm pretty sure most places don't have that policy in place though, do they?
>>57547096
USB device control measures are reasonably common in the professional environments I've been in, but I don't really know how prevalent it is in a general security context.