Security Basics mailing list archives
Re: uniquely identifing USB device
From: "Bart Tryb" <bartryb () gmail com>
Date: Tue, 10 Apr 2012 19:10:12 +0200
Its very easy to emulate any usb stick - to being seen in system as pendrive, keydrive and so on. Making values of vendor - model numer, serial number emulation, the answer is layer drivers.
Of course it's impossible with quite advenced hardcore knowledge of windows device tree represenation, and the way windows interpretations looks like for every device in system, but the level of programming needed for doing something like this is imho basic+ in c++.
Making usb stick as a key code isn't as good way of protecting software as once can think it is, cause there always way to crack it by emulating stick or by cracking program itself. Give me your application, ollydbg and 6 pack of taurine consist energy drink and it will be cracked.
If you wanna make security based on keycard, key-stick, u have to be sure, that system that will be launching verification application/procedure is secure - if it is so, all key-verification could be successfully implemented in company. But, if there is possibility, that at least one pc could be compromised, or it is possible to launch on it application, that didn't been allowed by (i dont know, security administrator) or person whose duty is to monitor (accept/deny) application launching (basing on crc or md5 or many many more), in such unsecured environment, there's no problem at all to make emulation of usb-identification device.
Nice idea is for You to make one central computer, and the rest of pc are only (for example) xp thin clients, and in such situation only central computer should be secured and monitored for secure identification or data permission allowing.
unemployed security, B.T. ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- uniquely identifing USB device erki . manniste (Apr 05)
- Re: uniquely identifing USB device Thugzclub (Apr 09)
- RE: uniquely identifing USB device Taylor, Graham (Apr 09)
- RE: uniquely identifing USB device Mohd Fauzi Bin Suwarno (Apr 10)
- Re: uniquely identifing USB device Bart Tryb (Apr 10)
- RE: uniquely identifing USB device Taylor, Graham (Apr 09)
- Re: uniquely identifing USB device Thugzclub (Apr 09)
- RE: uniquely identifing USB device Mohd Fauzi Bin Suwarno (Apr 09)
- Re: uniquely identifing USB device _ (Apr 09)
- Re: uniquely identifing USB device John Morrison (Apr 11)
- RE: uniquely identifing USB device Erki Männiste (Apr 11)
- <Possible follow-ups>
- uniquely identifing USB device Bartosz Trybus (Apr 10)