Galt's Gulch

USB - Unlimited Surveillance Backdoor?

Posted by freedomforall 9 years, 6 months ago to Technology
28 comments | Share | Flag

Any cynics among us see this as a designed feature, not a flaw?
SOURCE URL: http://www.geek.com/news/an-unfixable-usb-bug-could-lead-to-unstoppable-malware-1605997/

Add Comment

FORMATTING HELP

All Comments Hide marked as read Mark all as read

  • Posted by khalling 9 years, 6 months ago
    There is no such thing as perfect security, like a lock on your door, someone can pick it. There are always a counter. The problem is not that our computers are somewhat vulnerable-it is that our governments are purposely exploiting these issues to infringe our rights and turn us into slaves. This is not a technological issue, it's a philosophical issue, in my opinion.
    Reply | Mark as read | Best of... | Permalink  
    -
  • Posted by woodlema 9 years, 6 months ago
    I have been in the IT world for over 30 years. I date back to Zenith systems and computing in the punch card days. In all that time, there is only ONE type of completely secure computer.

    That is the computer that is unplugged from everything, encased in 500 tons of concrete, and dumped to the bottom of the Marianas trench 7 miles under the ocean. Other than that, they are all vulnerable.
    Reply | Mark as read | Best of... | Permalink  
    • Posted by freedomforall 9 years, 6 months ago
      Agree. IIRC, the first computer (an IBM at a service bureau) I worked with had 64k memory and filled an entire floor of an office building (including all the drives, aircon, card readers and punchers, etc.) There wasn't a lot of concern about security then, other than restricting access to the processor room.
      Reply | Mark as read | Parent | Best of... | Permalink  
  • Posted by LionelHutz 9 years, 6 months ago
    Step 1 in creating a new technology is just making it work at all. Step 2 is make it robust, able to handle all foreseeable use cases. Moving to an additional step to secure the operation of the technology is rarely done. Device security on computer IO ports has never been a thing in my entire life experience until HDMI came along and the security there was for copyright enforcement, not system integrity. I only scanned two articles that discuss this matter, and my understanding gleaned from that leads me to believe this same class of attack can be pulled off with PCI cards, firewire ports, and possibly even DisplayPort. All it takes is someone with a drive to explore these areas and we may well find out some additional bad news.
    Reply | Mark as read | Best of... | Permalink  
  • Posted by Zero 9 years, 6 months ago
    Of course it is being used. Even if it wasn't before, it is now. What the hell good would the NSA be if it wasn't at the forefront of such "spyware."

    What security is possible against state sponsored surveillance?

    And when wet-ware comes to be, when the transistor-neuron link is perfected, what protection will exist for us then?

    And people will run to it.
    Even I, no doubt, eventually.

    Down the rabbit hole to the "hive-mind."

    Ah well, we are temporal creatures - products of our own time. Probably best not to worry tooooo much about what will be.
    Reply | Mark as read | Best of... | Permalink  
  • Posted by wiggys 9 years, 6 months ago
    i think governments thrive on turmoil in the populace. for peace of mind just don't worry about all of this nonsense. considering what is going on rthese days everything will ultimately come crashing down on itself. as alfred e newman once said "what me worry".
    Reply | Mark as read | Best of... | Permalink  
    -
  • Posted by $ jlc 9 years, 6 months ago
    This requires physical access to the computer, does it not?

    Jan
    Reply | Mark as read | Best of... | Permalink  
      -
    • Posted by Zero 9 years, 6 months ago
      I don't think so, J.

      By "reverse engineering" they have recreated the code the programmers used to write the USB utility, from the "bit-byte" binary program, compiled from that code, that is essentially unintelligible.

      Once you know the command instructions you can make use of them yourself. In particular, once you know where certain "memory" is stored, you can directly access it. This includes stored instruction sets.

      The firmware would still exist - essentially inviolable - (so long as the "chip" is not re-writable) but the program it runs can be manipulated at will. By malware delivered as usual.
      Reply | Mark as read | Parent | Best of... | Permalink  
        -
      • Posted by $ jlc 9 years, 6 months ago
        This is bad news. May I send your explanation on to our dev list?

        Jan
        Reply | Mark as read | Parent | Best of... | Permalink  
          -
        • Posted by Zero 9 years, 6 months ago
          Feel free, JC, hopefully I didn't mangle it too bad.

          I was a programmer for several years before the dot-com bust, but never a hacker (death to them all!)

          Still, I'm pretty sure that's accurate.
          Reply | Mark as read | Parent | Best of... | Permalink  
            -
          • Posted by freedomforall 9 years, 6 months ago
            Hang on! There are good hackers, too.
            Help me Obi-Hacker, you are our only hope against the surveillance state.
            Reply | Mark as read | Parent | Best of... | Permalink  
              -
            • Posted by Zero 9 years, 6 months ago
              There is no hope against the surveillance state.

              And good hackers? Well... I guess I can acknowledge the possibility.
              After all the universe is practically infinite.
              Ha! (Kinda.)
              Reply | Mark as read | Parent | Best of... | Permalink  
                -
              • Posted by freedomforall 9 years, 6 months ago
                The perversion (by government and media, who else) of the word hacker has you brainwashed ;^)
                Have a look at some hacking lore:
                http://www.catb.org/jargon/html/meaning-...
                Reply | Mark as read | Parent | Best of... | Permalink  
                  -
                • Posted by Zero 9 years, 6 months ago
                  Really dude?

                  "An appropriate application of ingenuity?"
                  "A creative practical joke?"

                  I worked in IT for over 20 years. I've seen the damage inflicted by these "creative practical jokers."

                  I remember in '86, contracted to IBM, I saw a system attack for the first time. Every IBM'er with a computer lost a half-day's work over a "creative practical joke."

                  Over 500,000 people worldwide worked for IBM then and their entire intranet was toast.
                  You could have burned down a warehouse and caused less damage.

                  Three days later they traced it to a college student in Germany.

                  How likely is it that he went to prison?
                  Hmmm, lemme think...
                  "Who wants to ruin the life of such an intelligent young man? Bright and with such prospects?"
                  (Usually white and educated, too!)

                  Bullsh!t.
                  Death or slavery to them all.

                  And brainwashed? Check your own premises, FFA.
                  I don't think they called it a "hack" back in '61.
                  Reply | Mark as read | Parent | Best of... | Permalink  
                    -
                  • Posted by freedomforall 9 years, 6 months ago
                    With all due respect, your story does not refute my original statement: There are good hackers, too.
                    My first response to you was that good hackers exist, and your reply appeared to be disbelief. In good humor (that's what the ;^) indicates, humor) I gave you a link to some humorous entomology of "hacking."
                    Your reply indicates that you believe there is only one possible connotation for the term, hacker.
                    The reality is quite different.
                    I know many productive programmers who do good work, have a sense of humor, and are not responsible for DOS attacks or computer viruses.
                    Most of them are proud to be called hackers, as the term can be one of respect and admiration among programmers.
                    The term has been and continues to be praise among clever programmers/designers, and the connotation that you think is the only definition does not apply to most of them.
                    Killing them all off would leave the software industry filled with drones lacking in creativity.
                    A dark age would descend on mankind ;^)
                    http://www.youtube.com/watch?v=VtvjbmoDx...
                    (The girl is the 'hacker.')
                    Reply | Mark as read | Parent | Best of... | Permalink  
                      -
                    • Posted by Zero 9 years, 6 months ago
                      And "pimpin'" has become a harmless word too, freed of the connotation of its sinister root.

                      "Hack" meant just that. To break into with malicious intent.

                      Sure they were clever. So what.

                      But I'm cool. I'll be good.
                      I'm just old.

                      Movin' on.
                      Reply | Mark as read | Parent | Best of... | Permalink  

FORMATTING HELP

  • Comment hidden. Undo