We’re all screwed

I picked up my work laptop yesterday because it was so slow, it was impossible to use with any reasonable speed. My computer repairman told me it was clogged up with viruses. He said Norton sucks, and said the free anti-virus program I use is the one he prefers (AVG). He warned that it was basically impossible to avoid them if you spent much time online — he compared them to potholes. He advised me to be vigilant about updating Java, Flash, and Adobe, because their vulnerabilities were the most popular point of entry for malware and viruses. That’s why I have a backup service — you never know when you’ll need it.

Oh, and by the way, did I mention tomorrow is the beginning of the Mercury retrograde?

Via Wired:

Karsten Nohl demonstrated an attack he called BadUSB to a standing-room-only crowd at the Black Hat security conference in Las Vegas, showing that it’s possible to corrupt any USB device with insidious, undetectable malware. Given the severity of that security problem—and the lack of any easy patch—Nohl has held back on releasing the code he used to pull off the attack. But at least two of Nohl’s fellow researchers aren’t waiting any longer.

Caudill and Wilson reverse engineered the firmware of USB microcontrollers sold by the Taiwanese firm Phison, one of the world’s top USB makers. Then they reprogrammed that firmware to perform disturbing attacks: In one case, they showed that the infected USB can impersonate a keyboard to type any keystrokes the attacker chooses on the victim’s machine. Because it affects the firmware of the USB’s microcontroller, that attack program would be stored in the rewritable code that controls the USB’s basic functions, not in its flash memory—even deleting the entire contents of its storage wouldn’t catch the malware.

But he (Karsten Nohl) warned that even if that code-signing measure were put in place today, it could take 10 years or more to iron out the USB standard’s bugs and pull existing vulnerable devices out of circulation. “It’s unfixable for the most part,” Nohl said at the time. “But before even starting this arms race, USB sticks have to attempt security.”

3 thoughts on “We’re all screwed

  1. Haven’t we all known from the very beginning that someone(s) could hack into any system? Don’t we also know that there are companies set up that employ people to figure out ways to hack into everything? For profit. Or for the sake of national security. Like the NSA. There is no constitutional protection for anyone any more. The Constitution died when the Supreme Court appointed George W. Bush to be the president. It was buried and given a funeral by Obama.

  2. Have you thought about giving Linux a try? No, really. Let me explain. At this point there are versions that are way easier to install than Windows, and the programs are just as easy to use. It has a much lighter footprint, so it runs noticeably better on low-memory machines. If you have a way of giving it a try (obviously, you don’t want to put it on your main work machine without knowing anything about it) then the one I’d suggest is LinuxMint “Cinnamon.” It’s the first choice on that linked page. Get a 32-bit version if you have less than 2GB system memory (what we used to call RAM), 64-bit if you have 4GB or more.

    At this point the only reason not to use Linux is inflexible compatibility requirements with work computers. But so long as tax accounting, CAD, CAM, professional Photoshop, or some kind of specialized software aren’t an issue, there isn’t really a problem. Anyway, if you’d like more detailed info, let me know and I’d be really glad to help.

Comments are closed.