Hacking a network with an infectious mouse.
pentest.snosoft.comYou can have a some much less malicious fun applying the same idea to old games controllers. People typically put flash drives in them with an emulator + roms. It would be fun to put a whole linux distro on there that boots straight into the emulator, with a special menu, but I've never seen that.
http://edshowtos.blogspot.com/2008/06/how-to-make-your-own-n... (NES)
http://forums.benheck.com/viewtopic.php?t=35526 (SNES)
You can find a bunch of other hacks like this on HaD:
OMG, my mother's internet was dropping off and on yesterday, and as I was trying to diagnose the problem, she asked "maybe its the mouse." No mom, your mouse is not causing the Internet to drop....
Maybe it was the mouse. Damn.
page not loading. Here's the Google cache http://webcache.googleusercontent.com/search?q=cache:9Z4lxiV...
yeah, that went down very quickly. this url has proper formatting... http://webcache.googleusercontent.com/search?q=cache:9Z4lxiV...
How was the payload executed? I've been thinking of trying to write malware test cases using HID specs, but the article doesn't go into much detail.
0day vuln in convincing windows to auto-install the device drivers.
Should have read better, and realized that IronGeek might have played a role.
http://www.irongeek.com/i.php?page=security/programmable-hid...
I believe the 0-day was for subverting mcafee
cool, but if they were given a single IP to target why could they have the mouse on another machine? alternatively: if they could attack other machines, why not use another machine that was exposed via the network? something isn't consistent.
I'm assuming that they were asked to compromise a typical tightened corporate network, in which there's only a single external address -- the firewall's -- and therefore that's the only address they had to work with.
In that case, compromising one of the clients behind the firewall is the typical next step for an attack. (They did a heck of a nice job on that, though.)
so, was the person who plugged in the mouse fired? I mean, while the firing would be understandably and justifiably "for cause", I personally feel disgust about provocations.