Sign in with
Sign up | Sign in
Your question
Closed

Don't Panic Over the Latest USB Flaw

Tags:
  • Security
Last response: in Home Theatre
Share
August 1, 2014 10:36:43 AM

"These attacks are easy to avoid with a little common sense and even the most rudimentary antivirus software."
Unless it's a nasty rootkit. I just had one that had gotten through ZoneAlarm and AVG. Solution-reinstall.
Score
0
August 1, 2014 1:58:56 PM

Intriguing, a USB stick that can make the computer think it's a keyboard, maybe a mouse to control the computer.
Score
-2
Related resources
August 1, 2014 8:02:15 PM

this is driving home the idea that these computers that we live our lives on are full of security holes and any or all of us could be the next target
Score
-2
August 4, 2014 8:33:37 AM

The author does not seem to understand the impact of this. They have reverse engineered the firmware that controls the basic communication functions of USB... The Malware piece was in addition.
Score
-1
August 5, 2014 12:47:17 PM

This is far more theoretical -- an improbable -- than many are painting it to be.

There are a half dozen popular USB controllers -- dozens more that are less popular. Each have their own models. SMI, Chipsbank, Alcor, Buildwin, and so on.

They are paired with a HUGE variety of memory in a variety of configurations. Hynix, Samsung, Toshiba, Micron, and so on.

You need to have the proper controller programming tool for the chip, and the proper database of memory chips.

There is not some universal programming tool that would allow your computer to infect any USB inserted into it.
Score
0
August 5, 2014 7:16:57 PM

Kopy-Rite's post is verbatim the same post I've seen in five or six Comments Threads at other websites. I do hope you are right, whoever you really are.

About the article:
"If you buy a new USB stick, it will not come with any unwanted software."
So, you never heard of the notorious Sony Rootkit?

"With some of the world's foremost researchers and hackers on the case, prophylactic and curative measures won't be too far behind."
Care to elaborate on what exactly these measures are? More to the point, if you don't even know what the measures are or could be, how can you be so sure they are not far behind?
Again, I do hope you are right. But I see no evidence that the author of this article even has a basic understanding of the claimed exploit vector.
Score
0
!