Do you protect your USB port? (github.com)
from j1racoon@lemmy.ml to privacy@lemmy.ml on 10 Mar 23:15
https://lemmy.ml/post/44311629

…by physically removing a port (who would do that) or using the software?

#privacy

threaded - newest

BCsven@lemmy.ca on 10 Mar 23:26 next collapse

The software locks out the auto discover and auto config of attached devices, unless they are in an allow list.

Same like some android phone models where you can turn off USB port to protect your phone from being infiltrated.

I did work at a place that filled the USB ports with HotGlue to stop workers loading movies on the computers on night shift

MonkderVierte@lemmy.zip on 11 Mar 12:26 collapse

to stop workers loading movies on the computers on night shift

Lol, did it work?

BCsven@lemmy.ca on 11 Mar 18:12 collapse

Yes because the keyboard and mouse were via the serial PS connectors, but the IT dudes could have just opened the case and unplugged the USB headers instead of permanently filling the slots with glue.

[deleted] on 10 Mar 23:30 next collapse

.

ParlimentOfDoom@piefed.zip on 10 Mar 23:53 next collapse

Yes. It’s inside my house where no one else can get to it.

chemicalwonka@discuss.tchncs.de on 11 Mar 00:50 next collapse

You cant protect yourself from Microsoft that is the biggest threat

ell1e@leminal.space on 11 Mar 10:12 collapse

I agree. Kind of would seem more useful to have such a UI on Linux.

ATS1312@lemmy.dbzer0.com on 11 Mar 15:23 collapse

USBGuard was on Linux first.

orphigle@lemmy.ml on 12 Mar 22:41 collapse

True, USBGuard is using a mechanism that has been present on Linux since year 2007.

www.kernel.org/doc/…/authorization.txt

RodgeGrabTheCat@sh.itjust.works on 10 Mar 23:30 next collapse

I have the port set to “Charge only when locked”. I never use public charging stations.

Ferrous@lemmy.ml on 11 Mar 01:02 next collapse

This is the best strategy.

However, if you ever knew youd NEED to use public charging, check out USB condom adapters. They open circuit the data pins.

JustEnoughDucks@slrpnk.net on 11 Mar 06:52 collapse

Sony, in their infinite wisdom, defaults full data without the ability to choose a default, you can only deny upon plugging it in and it will eventually revert back to full data anyway

Samsy@lemmy.ml on 11 Mar 05:24 next collapse

Do you protect your USB port?

Sure, I’ve got my HPV vaccination.

ExcessShiv@lemmy.dbzer0.com on 11 Mar 15:12 collapse

What would USB stand for in this? Under Sheets Buddy?

ell1e@leminal.space on 11 Mar 10:12 next collapse

Is there a similar program for Linux?

xvertigox@lemmy.world on 11 Mar 10:39 next collapse

When I plug a USB device in on KDE I get prompted to see if I want to mount it or not.

hexagonwin@lemmy.today on 11 Mar 10:46 next collapse

the usb device is auto detected and activated, it’s just asking you to mount if it happens to be a storage device

xvertigox@lemmy.world on 13 Mar 00:39 collapse

That’s true, I understand the need for USBGuard now.

ell1e@leminal.space on 12 Mar 13:06 collapse

I think to be fully safe, you would have to get prompted for any type of USB device including a mouse and keyboard. At least I think that’s the idea of USBGuard.

xvertigox@lemmy.world on 13 Mar 00:39 collapse

Ah, that makes sense, cheers.

SurpriseWaterfall@sopuli.xyz on 11 Mar 10:57 next collapse

Linux has USBGuard and is likely in your distro’s repos. It operates the same way with having rules on which usb devices to allow

MonkderVierte@lemmy.zip on 11 Mar 12:24 collapse

So, uh, a udev GUI?

utopiah@lemmy.ml on 12 Mar 15:12 collapse

Be mindful that such a program would have to be safer than the situation without. A program on a public repository that isn’t used by any distribution, isn’t audited, hasn’t a lot of comments (and thus eyes on its code) might be a disproportionate risk compared to the default settings of a popular open source distribution IMHO.

FreddiesLantern@leminal.space on 11 Mar 11:48 next collapse

Shouldn’t you rather protect your usb ports from Windows?

(Kidding,… or am I?)

DieserTypMatthias@lemmy.ml on 11 Mar 16:15 next collapse

GrapheneOS allows you to disable it. I just charge mine wirelessly, though if the charger supports MagSafe, then you’ll need to buy a MagSafe case for your Pixel, since built-in magnets are waaay too weak.

NewNewAugustEast@lemmy.zip on 11 Mar 19:08 next collapse

Windows? Why bother.

yannic@lemmy.ca on 12 Mar 13:57 next collapse

Which Windows? My south-facing ones?

IratePirate@feddit.org on 12 Mar 20:21 collapse

Yo, dawg! I heard you like Linux! So we removed all the windows from your car!

vaionko@sopuli.xyz on 12 Mar 18:40 next collapse

No? I just don’t plug random shit in my computer.

orphigle@lemmy.ml on 12 Mar 22:38 collapse

What, if somebody else does while you’re not looking?

vaionko@sopuli.xyz on 15 Mar 01:19 collapse

I never leave my laptop unsupervised, I’m more concerned about it getting stolen than malicius USB devices. And if someone gets to my desktop while I’m not looking, I’ve got bigger problems.

umbrella@lemmy.ml on 12 Mar 19:50 collapse

<img alt="" src="https://lemmy.ml/pictrs/image/fdd2edc4-4ea1-4344-a7d3-3ec083ed4cdc.png">