Marek Marczykowski-Górecki:
> If you (or someone else) plug a malicious USB device that will exploit
> some bug in one of million USB device drivers, it can do whatever it
> want with the other USB devices on the same bus. And if that USB
> controller live in dom0, it's game over even without injecting malicious
> keystrokes.
> PS/2 is much better, because you can't connect anything else than input
> devices there, and attack surface is much smaller.

After having read the entirety of the PC security paper Joanna wrote a
while back, I was shocked to see how poor PC security really is. I found
it one of the most profound papers I've ever read. As far as I'm
concerned, it should be required reading for anyone capable of
understanding even the basics.

What you wrote reminds me of that feeling and how wide open and
vulnerable things really are for those that know what they're doing.
It's amazing to me things have been "allowed" to get this bad.

All genuine efforts into making things better are very much appreciated
and needed by all of us. Thank you.

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
To post to this group, send email to
To view this discussion on the web visit
For more options, visit

Reply via email to