Hacker News new | past | comments | ask | show | jobs | submit login

You don't connect new microcrontrolers (from unkown procedence) into a main I/O bus every time you get data from somebody in optical disks. You always use the same set.



On the other hand, if we're talking security, while USB drives are "unknowns", at least they don't have DMA like an optical drive.


No, but they do have "I'm really a hub with a keyboard and a mouse (and a mass storage device) behind it". Or, if you go for simple but (too often) effective, "please autorun evil.exe". (Also, how well-secured do you think your USB stack is? It's been exposed to tons of shitty devices, of course, but proper attacks?)

USB isn't to be trusted, either.


Unless someone invests time into creating a safe, open-source USB passthrough device. I imagine it wouldn't be that hard to do for specific USB classes. It could even spot a "charge-mode" switch which cuts data lines as an option.


Right, neither is trustworthy, so we agree :)


I wonder what the odds are that the microcontroller in an optical drive contains bugs that can be exploited with a specially crafted disc.


IIRC either the original Xbox or the Xbox 360 was sometimes modded/jailbroken by using a modified firmware for the internal DVD drive. Not exactly the same thing, but in the same vein.


I could definitely see it being easy to write bugs where verification code assumes that nominally read-only devices always return the same data for two subsequent reads of the same location, and then getting up to mischief by taking advantage of that assumption.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: