Take a quick look at those security measures

I still have very hard time catching with the Ducky, i read all about it what i can find, i watched the video and links you gave me but the only thing i understand is it mimics a keyboard and is able to mimic keystrokes. The information is confusing about someone who makes his first steps on this ground. But how exactly will it bypass the windows lock screen? Will it brute force it. or extract the login password itself? Can it extract facebook/email passowrds if i dont save them on the windows? Even if does steals the login passwords he would still need to login to do someething. Or is it that the ducky itself can execute/install spyware or something like that without logging?

About whats with the worries, it's the fact i have no idea how those things work. Being out of control (knowing someone could have installed something) is troubling me, and the only way i can relax a bit is to know the possibillties. It's good that people here give explanation exactly as things are, not covering information for the common user, and even if the odds are little someone somewhere will get screwed because he never know that rubber ducky (for example) could have done this and that and so on

When the USB device is enumerated the driver may be installed and that provides an exploit path.

I have to be honest here that I can't hold classes on the Rubber Ducky. There are forums and sites on that. You brought up the questions so I turned to what I use today for forensics and more. The PC was never made to be a secure computing platform.

Knowing that it works should suffice here. If you need to get into deeper details, time to ask in Rubber Ducky forums?

Anyhow I'm just a seasoned embedded electronics designer that learned a bit too much over the years about the PC, programming and such. I have a hard time trying to condense how it works into such a small text box so I no longer do that.

Instead I'll note devices I own and use (yes, I have a Rubber Ducky, I think it's been the best thing to show staffers that their ideas on security often have big holes.

-> On non PCs over the years I found other issues with physical access. A SUN computer would bomb out if you unpluged/plugged in the keyboard a few times. A few times it landed me in a root capable shell. That was an amazing find. The stories go on but the lessons are best summed up as.

1. Maintain physical and other security.
2. Nothing is totally secure.

True, the help you provided so fat war more than enough. I may still do a more detailed research about the Rubber Ducky itself, but the simple fact so many people here in my region that are supposed to be advanced have no idea what it is give me hope that no one used it on mine laptop.
Here what came to my mind, and this is purely out of curiousity, does those malwares- keyllogers, adware and so on have expiration date. If they remain undetected by the user, won't they eventually stop working, after windows updates and so on. They probably would need some type of updating just like any other program does? What do you think

Some expire, some kick right in and others bide their time, sleeping till a certain date.

For example if you wanted to mount a denial of service attack you would try embedding it slyly in some app but not raise any alarms. Then on the day of your choosing command your army to attack.

As to updating the story I've read on most trojans/malware is they have pretty short lifespans since once they are discovered, the afflicted OS may get an update. Apple has squashed many an OS bug with an update.

Okey I will be around with more interesting questions. Good night for now!

Horrible. Than i am back on my old plan to buy one of those laptop like tablets like yogabook and only type my passwords from the touchscreen, i bet they have no way of intercepting that. The tablet is just around 500g so it should be easy to carry around on hostile enviroment.

I friend of mine few years ago planted a tiny not that expensive camera right on top of the desk where his roommate girlfriend used to leave her laptop, he captured her login password and other things, ever since i learned that story i always check surroundings for camera and whatsoever. I never type passwords on places where they are cameras or windows nearby..