#PoisonTap

Kevin Karhan kkarhan@infosec.space
2024-12-26

@foone the whole unfixably fucked security is something @stman and I discussed at length.

  • We came to the conclusion that using PS/2 ports and having a fully-transparent keyboard in a clear, sealed case with reference images is the only option.

#USB is unfixably broken as it inherently does neither #authentification (#BIOS & #UEFI filter only by #HID class drivers if they can do so at all!) nor proper integrity checking nor any #Security whatsoever.

  • Most enterprises and organizations that I know who do care about this literally hardwire systems, put them in locked cabinets, use #PS2 HIDs, disable #USB controllers and set ports and headers in resin...

I mean, as soon as you got a #PwnPi or #PoisonTap at your hand, it's game over...
youtube.com/watch?v=Aatp5gCskv

Kevin Karhan kkarhan@infosec.space
2024-08-06

@dangoodin so basically the Attackers deployed a #PoisonTap-Style #DNS-#Rebinding attack by compromising the #CPE of the #ISP's customers...

youtu.be/Aatp5gCskvk

Alex (inactive) 🔏 lx@mastodon.xyz
2017-07-20

Protect your USB ports against exploits like #BadUSB and #PoisonTap by putting rules in place with something like #USBGuard.
github.com/dkopecek/usbguard
#infosec #linux #usb

Claes Wallin (韋嘉誠) clacke@quitter.se
2017-01-03
@mikael This thing is simple, brilliant, devilish and scary.

#poisontap

I wonder if it will make its way into Mr. Robot S03. :-)
