*** This bug is a duplicate of bug 1393612 ***
https://bugs.launchpad.net/bugs/1393612
Answering your questions:
"- How would a user interact when plugging in the first keyboard or mouse?"
The first keyboard and mouse are normally connected when powering on the PC.
The behaviour should be like today - no restrictions for the first keyboard and
mouse.
(Normally the USB flash drive is connected only *after* that the normal
keyboard & mouse are already connected.)
"- What if the malicious device was first only because it was 'earlier' in the
USB network?"
If by "earlier in the USB network" you mean :
* "connected before the keyboard and mouse" then for now there is not much I
can think of. But normally that does not happen, and *some* protection is
better than none.
* "connected in parallel (same time) to keyboard & mouse" then alert the user
that he needs to remove one of them in order to proceed.
"- How would the system tell a keyboard-with-hub that a user intended to buy
from a keyboard-with-hub that a user didn't intend to buy?"
Hubs aren't the norm.
In case that someone has a hub (doubtful..) then he can always disable the
security behaviour. I sincerely believe that most of the people would prefer to
have more protection and little discomfort than having this huge exploit.
"- What would the interaction look like on a computer with no displays? With a
dozen displays? With a dozen seats?"
With no displays: Does it connect via ssh? If so, then he could see the
message. If not then a sound/beep would be activated. If having no speakers
then the user should understand that something is wrong... But I think that
this is rarely happen, therefore if it does happen - then it is probably(??)
the USB exploit.
With dozen of displays: Simply display an alert window of some sort on one of
the desktop (is this really a problem? How does Ubuntu manages to display
errors with dozen of displays?).
With a dozen seats: What do you mean by "seats" ?
USB is very flexible indeed, but most people would prefer to know that
their system is secure than spending few minutes (or half an hour in
worst case) in understanding the (rare) problem and fixing it.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1590990
Title:
USB exploit - cross platform
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+bug/1590990/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
