Results 1 to 19 of 19

Thread: Watch what you plug into your USB port

  1. #1
    Senior Member UncleFai's Avatar
    Join Date
    Mar 2010
    Location
    Singapore
    Posts
    4,429

    Default Watch what you plug into your USB port

    http://arstechnica.com/security/2014...ces-turn-evil/

    An unpatchable malware exploiting USB... be careful.

    When a USB connection is made, your laptop/PC trusts the other end to be what it says it is. That other end can be hacked such that it is a thumbdrive pretending to be (say) a USB keyboard that will automatically (say) type in nasty commands into your PC. Theoretically not patchable since there is no way your PC can tell that the other end of the USB connection is not what it says it is.
    Last edited by UncleFai; 3rd October 2014 at 02:43 PM.

  2. #2
    Senior Member sammy888's Avatar
    Join Date
    Sep 2004
    Location
    Singapore, Singapore, Singapor
    Posts
    1,568

    Default Re: Watch what you plug into your USB port

    Quote Originally Posted by UncleFai View Post
    http://arstechnica.com/security/2014...ces-turn-evil/

    An unpatchable malware exploiting USB... be careful.

    When a USB connection is made, your laptop/PC trusts the other end to be what it says it is. That other end can be hacked such that it is a thumbdrive pretending to be (say) a USB keyboard that will automatically (say) type in nasty commands into your PC. Theoretically not patchable since there is no way your PC can tell that the other end of the USB connection is not what it says it is.
    The likelihood you get your computer hit by one is much lower then you getting struck by lightning on a sunny day. Just like the Bash Bug hysteria.

  3. #3
    Moderator ed9119's Avatar
    Join Date
    Mar 2002
    Location
    Singapore
    Posts
    10,931
    Blog Entries
    26

    Default Re: Watch what you plug into your USB port

    Quote Originally Posted by sammy888 View Post
    The likelihood you get your computer hit by one is much lower then you getting struck by lightning on a sunny day. Just like the Bash Bug hysteria.
    Dont be too sure bro'
    These can be used for perfectly innocent marketing campaigns that might irritate the hell out of you .SO be real careful with those thumb drives that companies give out for free containing product information..... and we not talking about small companies only
    shaddap and just shoot .... up close
    Walkeast

  4. #4
    Senior Member UncleFai's Avatar
    Join Date
    Mar 2010
    Location
    Singapore
    Posts
    4,429

    Default

    Quote Originally Posted by ed9119 View Post
    Dont be too sure bro' These can be used for perfectly innocent marketing campaigns that might irritate the hell out of you .SO be real careful with those thumb drives that companies give out for free containing product information..... and we not talking about small companies only
    Yup, USB thumb is the new CD. Low capacity one cheap enough for mass campaigns.

  5. #5
    Senior Member sammy888's Avatar
    Join Date
    Sep 2004
    Location
    Singapore, Singapore, Singapor
    Posts
    1,568

    Default Re: Watch what you plug into your USB port

    Quote Originally Posted by ed9119 View Post
    Dont be too sure bro'
    These can be used for perfectly innocent marketing campaigns that might irritate the hell out of you .SO be real careful with those thumb drives that companies give out for free containing product information..... and we not talking about small companies only
    Heheh the last time I put in a USB thumbdrive that a stranger gave me was ..... maybe once in the early days of USB Thumbdrive. The only ones that does are my IT support dept of my office or my ex bosses and most don't even indicate to me they have a clue in the area of hacking and to some degree more complex security. Hacking was a bit of a side hobby of mine years ago when i got interested in computer viruses. If all this time you have been inserting free CDs and USB thumbdrives from marketing media and strangers then you better not have any naked selfies on your computers for example hahahahah.... Odds are you will get a virus attack a lot faster then someone do a "mission impossible" hack on your computer.

    I can give you examples about possible places or persons where doing this hacking makes more sense for profit, notoriety and gains then a random person or group off the street. Unless that person targeted you for a very good reason and those would be usually someone you KNOW or KNOWS YOU VERY WELL. Before this USB hardware bug that allows for a built-in hacking or malware program to self execute just by inserting, self executing programs or piggyback programs has been around and a long time. I use to make self execution files for friend who don't know how to do install certain data. I made a simple program that they just insert diskette,CD or thumbdrive and I tell them what file execution to click. Problem is no one seem to care as much about boring IT security stuff. But those 'stuff' are your very personal or livelihood data yes?

    People suddenly are worry due to all this stolen naked selfies news as (more??) people started taking nude photos of themselves and putting them on their phones/computer or sent to each other that suddenly all the paranoid starts going wild. Especially easy in age of social media that spread news like a bush fire on the net. Yes i am sure this USB hacking thing is happening but hackers are not silly to waste time and effort on random targets. If they want something they will hunt down the most relevant target group for their specific reason. Marketeers these day can find better ways to get at your data or data mine your information way better then to go one by one thru out Singapore to do this or use a hacker.

    Just saying put things in into perspective and not be overly paranoid to carry on the commotion already out there or better yet.. along with the news, offer solutions too. Don't fan the hysteria.

    By the way did you know there are easier way to get at your information presently or at least for hackers or people with the right softwware ... by WIFI. Yes this threat has been mentioned before but the general public have maybe forgotten all about it. With a hacking program in a notebook, he/she can just sit at a busy location filled with people or even offices that has people working on notebooks/computers and even phones. This is random but then again so is the USB thumbdrive. Random harvesting I call this. But you hear almost nothing about it. But once someone is caught with a lot of illegally attained naked selfies and then was told he use WIFI, then the hysteria starts all over again. It's always when something personal hit us that we then start to get off our butt and do something or panic. heheheheh. Have you every wondered if you die, your family gain access to your pc or phone and NAS and find all your porn or naked selfies or self style porn of yours??!! LOL. Worst.. you have sex toys under your bed or closet. Aiyo. *facepalm in heaven*

    Solution? The most basic thing to do is DON"T TAKE YOURSELF NAKED AND PUT ON YOUR COMPUTERS ..( another good reason is not everyone thinks your naked self is a sexy turn on. You might actually cause some people to vomit and scarred for life over your hairy a** or droopy inflated whatever. hahah ) and go learn about using your OS' built in encryption programs (or better yet from 3rd party which are usually better but will cost you extra) to protect your most important data (and selfies for those really freaking die hard MUST-SHOOT-MYSELF-NAKED-DOING-NAUGHTY-THINGS!! )

    Unfortunately for Mac computer people ...sorry. Your system is way more easy to hack then other platforms. Just WIFI alone there are enough ways and nightmares to contend with. Go find out why on the internet. All those years of boasting no one target a mac or mac don't need virus protection like the PC as it is better made claims. Well, go research how hackers hack macs. What phone do you think most celebrity uses that got their selfies stolen or about the apple icloud? heh. the reason PC are a lot harder to hack is due to all the many decades of being hacked and tons of viruses thrown at it. PC computers are the majority by around 90% that's why. Again as I said, if a hacker wants to get the best bang for their effort and notoriety in hacking, they hit the biggest market of computers. And thus PC gets a bad reputation for that thus PC companies spend a lot more time and money to toughen PC applications and Anti Virus/Malware companies started sprouting up to find ways to offer protect to PCs.

    But yes USERs still must learn basic security things on their part or at least set up certain security on their pc to at least be safe enough from general intrusions. The good news is in recent years Apples has toughen their security better with encryption .etc. But I think not enough still ebing done to encourage their users to be more aware of the dangers. This is not a Apple versus PC speech folks just saying. So in that rationale Macs users should invest in protection software like anti virus and/or internet security program just like us PC users but sadly I am sure most are not willing to for whatever real or mythical reasons Apple device feels their devices are immune to. Well the good news for them at least is that most of their devices don't have USB docks heheheheh... but the WIFI is a big bad wolf still out there folks. Just a thought folks... hate the game not the player heeeee. Chill. Ah..one last tip.. disable auto-run function on your system so that most CDs,diskettes( i fyou still use one) or thumdrive..etc don't start up when your OS discovers it.

    damn.. weekend too free writing nonsense

    Another thing. And also note.. hacking sometime does not need a USB, sophisticate device or software as per say. It has alot to do with understanding human conditioning. A very famous hacker years ago did this very simple thing. He wrote a hacking software and copy it to multiple of diskettes. On the diskettes he wrote SALARY DATA BACKUP. He took this diskettes and went to various office he could get into and drop them on the floor. Imagine if you are someone walking about and chance upon this. Would you give it back to the account dept or try to click open to see? Suffice to say he got access like nobody's business.
    Last edited by sammy888; 6th October 2014 at 03:42 AM. Reason: typos

  6. #6
    Senior Member Sion's Avatar
    Join Date
    Jan 2004
    Location
    新天地
    Posts
    4,768

    Default Re: Watch what you plug into your USB port

    Quote Originally Posted by sammy888 View Post
    Heheh the last time I put in a USB thumbdrive that a stranger gave me was .....
    His name is not Edison Chen?


  7. #7
    Senior Member sammy888's Avatar
    Join Date
    Sep 2004
    Location
    Singapore, Singapore, Singapor
    Posts
    1,568

    Default Re: Watch what you plug into your USB port

    No Comments hahahaha

  8. #8
    Senior Member Sion's Avatar
    Join Date
    Jan 2004
    Location
    新天地
    Posts
    4,768

    Default Re: Watch what you plug into your USB port

    Quote Originally Posted by sammy888 View Post
    No Comments hahahaha
    So you're not the one to put his naughty photos in the net?

  9. #9
    Senior Member sammy888's Avatar
    Join Date
    Sep 2004
    Location
    Singapore, Singapore, Singapor
    Posts
    1,568

    Default Re: Watch what you plug into your USB port

    Quote Originally Posted by Sion View Post
    So you're not the one to put his naughty photos in the net?
    Anyone who use their HDD to store naughty photos and then when the pc is spoilt.. would just sent it in to the store to fix is a dummy heheheh.... But I could have done just that with my former boss' notebook ( as the repair IT guy at my office) and I notice he kept his mistress photos on his computer and he used the same password to encrypt his notebook and those photos. Damn lucky he could trust me to keep the secret. heh
    Last edited by sammy888; 6th October 2014 at 08:52 PM.

  10. #10
    Senior Member sammy888's Avatar
    Join Date
    Sep 2004
    Location
    Singapore, Singapore, Singapor
    Posts
    1,568

    Default Re: Watch what you plug into your USB port

    Quote Originally Posted by sammy888 View Post
    Anyone who use their HDD to store naughty photos and then when the pc is spoilt.. would just sent it in to the store to fix is a dummy heheheh.... But I could have done just that with my former boss' notebook ( as the repair IT guy at my office) and I notice he kept his mistress photos on his computer and he used the same password to encrypt his notebook and those photos. Damn lucky he could trust me to keep the secret. heh
    Well further to my writing about hacking with WIFI... well if those who are not aware yet.. well this is what's possible on the new NIKON D750. You can actually get access to someone's D750 to see what photos is stored on his camera. You need to read this if you have a D750 to manual do some setting. The D750 out of the box is not set to be secure. You need to setup password to turn on security.good thing is Nikon uses WPA2 for their security protocol which is pretty solid.

    Link http://petapixel.com/2014/09/25/niko...n-your-photos/ and http://nikonrumors.com/2014/09/25/ni...pictures.aspx/
    Last edited by sammy888; 6th October 2014 at 09:25 PM.

  11. #11
    Senior Member Sion's Avatar
    Join Date
    Jan 2004
    Location
    新天地
    Posts
    4,768

    Default Re: Watch what you plug into your USB port

    Quote Originally Posted by sammy888 View Post
    Anyone who use their HDD to store naughty photos and then when the pc is spoilt.. would just sent it in to the store to fix is a dummy heheheh.... But I could have done just that with my former boss' notebook ( as the repair IT guy at my office) and I notice he kept his mistress photos on his computer and he used the same password to encrypt his notebook and those photos. Damn lucky he could trust me to keep the secret. heh
    Is that why you've promoted to his IT Chief?

  12. #12

    Default Re: Watch what you plug into your USB port

    I plugged in a USB microphone and the antivirus software detected an intrusion.

  13. #13
    Senior Member sammy888's Avatar
    Join Date
    Sep 2004
    Location
    Singapore, Singapore, Singapor
    Posts
    1,568

    Default Re: Watch what you plug into your USB port

    Quote Originally Posted by Sion View Post
    Is that why you've promoted to his IT Chief?
    hahaha.... like the emperor's food taster you mean heheh

  14. #14
    Senior Member Sion's Avatar
    Join Date
    Jan 2004
    Location
    新天地
    Posts
    4,768

    Default Re: Watch what you plug into your USB port

    Quote Originally Posted by kklee View Post
    I plugged in a USB microphone and the antivirus software detected an intrusion.
    Someone who used the microphone before might have mouth disease?

  15. #15
    Senior Member Sion's Avatar
    Join Date
    Jan 2004
    Location
    新天地
    Posts
    4,768

    Default Re: Watch what you plug into your USB port

    Quote Originally Posted by sammy888 View Post
    hahaha.... like the emperor's food taster you mean heheh
    And soon be promoted to his personal photographer as well.

  16. #16
    Senior Member sammy888's Avatar
    Join Date
    Sep 2004
    Location
    Singapore, Singapore, Singapor
    Posts
    1,568

    Default Re: Watch what you plug into your USB port

    Quote Originally Posted by Sion View Post
    And soon be promoted to his personal photographer as well.
    Better then that... lost a fortune due to trusting him. You don't know how tempted I was about sending those photos to his wife. heheh

  17. #17
    Member
    Join Date
    Dec 2005
    Location
    Singapore, Bedok
    Posts
    1,129

    Default Re: Watch what you plug into your USB port

    The Wifi "hacking" thing, only if the Wifi is not password protected right? (WPA etc..)

    If protected, it will not be as easy and casual hacker shd not able to to access rite? Even if you have WiFi connection, if the user doesn't share the folders, how are you going to gain access to the files?

  18. #18
    Senior Member sammy888's Avatar
    Join Date
    Sep 2004
    Location
    Singapore, Singapore, Singapor
    Posts
    1,568

    Cool Re: Watch what you plug into your USB port

    Quote Originally Posted by Limsgp View Post
    The Wifi "hacking" thing, only if the Wifi is not password protected right? (WPA etc..)

    If protected, it will not be as easy and casual hacker shd not able to to access rite? Even if you have WiFi connection, if the user doesn't share the folders, how are you going to gain access to the files?
    I still remember how back when WiFi first started becoming the norm in Singapore and HDB homes, a WiFi notebook installed with a sniffing s/w, you could connect to many unsecured or semi secured access point devices around the neighborhood and peep into those computers. That's because back then WiFi device right out of the box has their security protocol disabled and security protocols were still in their infancy and weak points were easily circumvented.

    BTW, hiding your SSID, limit your router's IP address pool or filtering your MAC addresses are not going to help much against good hacking tools too.

    If you own access point,router or any other WiFi devices still using encryption like WEP (Wired Equivalent Privacy) ...it's very YESTERDAY'S dinosaur and you should be wondering right now how many people have seen your stuff all these time without you knowing. WEP can be cracked in minutes with available cracking WiFi s/w out there.

    WPA (Wi-Fi Protected Access) is next in line but that too has security protocol issues thus was superseded by WPA2 which has been around for the last 10 years or so. Just to give you a brief chronological history of WiFi security progression. .

    Given the choice of
    WPA or WPA2, choose the latter EVERYTIME. If upgrading to a new WiFi hardware ensure it uses WPA2 encryption for sure. In both those modes, unless you are in a corporate level network, you will be using what's called the home mode WPA2 (PSK - Pre-Shared Key).

    Plus
    you should always beef it up ALONGSIDE a very strong password set. Bimbos who like to take nude selfies take note. Hackers can alwasy steal data packets from your computer/devices. What encryption does is it scramble the data so that a hacker sees nothing to make sense of what they capture from you. Without that key (password) they will not be able to put data back in the right way to see it.

    Preferably something like 13 characters of mixed case and symbols would be best. Never use words found in dictionary and names (family,friends or pets). A brute force password hacking program will break thru that overtime. A strong password would be like "S&sUv#86+?Ryz". Yes rather hard to remember such a password but also hard to crack too. No? How private and priceless are your data or nude photos again? Try to hide the code on yourself in some smart way that only you know how to decipher it or in parts where only you can to put it back together. That's how this old man does it since my memory is not that good heheh. I hid it in my phone, bags, wallet and in a number of plain sight at home but you would not know it.

    Beyond that.... so long as a human wrote the security code, another human with the right motivation, skill and powerful hardware will always be able to break the code. Sooner or later. That is how safe my data is. So I take the best route to secure them and also keep ahead on the latest security news once in a while.

    The sexual urge to see your favorite celebrity naked can be a very strong motivation to some 'pervy' folks. Turning a simple semi savvy net surfer into someone with so-so hacking skills thru the net and buying s/w online. heh. That person can even be someone who you know or stalking you. Welcome to the modern world of peeping toms. So be careful of what you store on your network or share. If the data is important to you, then keep it DISCONNECTED from a network device with no cable or WiFi enabled when it does not need to be. . Big companies ( Apple, Google or Microsfot etc) can build the strongest iCloud or data base server in the world for your data's safekeeping but at the end of the day, the end user like you and me are and always will be the weakest link. Simple as that.

    Ok that is about as layman as I can put it as another layman who just learn and dabble in such stuff for fun.

    PS. Shared folders or not, there are still possible ways to get access to them. Just take a surf on Google see for yourself heheh. I am not here to teach or take responsibility for anyone doing bad sh*t with the information. heheh
    Last edited by sammy888; 7th October 2014 at 04:54 PM.

  19. #19
    Member
    Join Date
    Dec 2005
    Location
    Singapore, Bedok
    Posts
    1,129

    Default Re: Watch what you plug into your USB port

    Even if the computers are physically connected via wired LAN, if there is no shared folder, it is still not possible (without advanced hacking) to access any of the files.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •