There are a couple of things I'm not quite sure about:
* Prompting. I think it's reasonable in this case, but not everyone agrees.
You don't want to prompt the user to accept the device or not. The user plugged it in and wants to use it. The purpose of the prompt I suggested is to discover whether the device claims to be the thing it looks like it is.
* How broad is the "simple HID" category? Is it always safe to accept these devices?
No, it's not safe; see https://hakshop.myshopify.com/collections/usb-rubber-ducky/products/usb-rubber-ducky-deluxe