This repository has been archived by the owner on Nov 9, 2018. It is now read-only.
Misleading advertisement #13
Assignees
Labels
bug
enhancement
up next
Feature Request, or Bug that will be fixed once the current In Progress task is completed
Comments
|
Hi @jaseg, Thanks for submitting an issue, I am currently re-writing the documentation as you suggested. This should be posted within the next couple of days. |
|
I have added a disclaimer as suggested, once I get more time I will be able to thoroughly document what is monitored, under which conditions. As an added bonus I have removed any reference to this being a security tool. |
errbufferoverfl
added
the
up next
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The
READMEsais aboutusb-canarythat its function is to "monitor USB devices", just as its name suggests. However, as far as I can tell it is only monitoring mounted physical partitions.Possible Solution
Clearly document what is monitored, under which conditions alerts will happen and what use this is applied to common threat models.
I would also highly suggest a note pointing out that usb-canary is experimental, early stage software and should absolutely not be relied upon in critical situations.
Context
usb-canary at least on first glance looks like a security tool. For any security tool, clear and precise communication as to its threat model and scope are necessary for it to be used correctly.
An important omission is that currently, usb-canary will not detect one of the most common classes of usb-based attacks, available to anyone: Fake HID-Class keyboard devices. In contrast, properly implemented even a change such as inserting a keylogger could be detected.
The text was updated successfully, but these errors were encountered: