[Dailydave] Lessons learned from 50 bugs: Common USB driver vulnerabilities

Thu, 17 Jan 2013 11:46:25 -0800 

At INFILTRATE 2012 I presented "Undermining Security Barriers - Further 
Adventures with USB"[1]. I have just released a white paper entitled "Lessons 
learned from 50 bugs: Common USB driver vulnerabilities"[2], which analyses the 
first 50 USB bugs I discovered using the techniques I talked about last year 
and discusses the most likely locations for USB bugs in the various descriptors 
and class-specific data structures, which will hopefully be helpful to others 
researching USB security.

Cheers,
Andy

1 - http://www.nccgroup.com/media/18320/usb_-_undermining_security_barriers.pdf
2 - 
http://www.nccgroup.com/media/190706/usb_driver_vulnerabilities_whitepaper_january_2013.pdf

________________________________
Andy Davis
Research Director
NCC Group
Kings Court Kingston Road
Leatherhead, KT22 7SL

Telephone: +44 1372 383900
Mobile: +44 7545 503298
Fax: +44 1372 383901
Website: www.nccgroup.com<http://www.nccgroup.com>
Email:  [email protected]<mailto:[email protected]>
        [http://www.nccgroup.com/_client/images/global/nccgroupIT.jpg]  
<http://www.nccgroup.com/>
________________________________

This email is sent for and on behalf of NCC Group. NCC Group is the trading 
name of NCC Group Security Services Limited (Registered in England CRN: 
4474600). Registered Office: Manchester Technology Centre, Oxford Road, 
Manchester, M1 7EF. The ultimate holding company is NCC Group plc (Registered 
in England CRN: 4627044).

Confidentiality: This e-mail contains proprietary information, some or all of 
which may be confidential and/or legally privileged. It is for the intended 
recipient only. If an addressing or transmission error has misdirected this 
e-mail, please notify the author by replying to this e-mail and then delete the 
original. If you are not the intended recipient you may not use, disclose, 
distribute, copy, print or rely on any information contained in this e-mail. 
You must not inform any other person other than NCC Group or the sender of its 
existence.

For more information about NCC Group please visit 
www.nccgroup.com<http://www.nccgroup.com>

P Before you print think about the ENVIRONMENT


For more information please visit <a 
href="http://www.mimecast.com";>http://www.mimecast.com<br>
This email message has been delivered safely and archived online by Mimecast.
</a>
_______________________________________________
Dailydave mailing list
[email protected]
https://lists.immunityinc.com/mailman/listinfo/dailydave

Reply via email to