Full Story: http://www.wired.com/2014/10/code-published-for-unfixable-usb-attack/ Say goodbye to your USB? Wut say U?
not tempted to go back to floppies.. or dvds.. just a pity such security vultures think they are doing something constructive, by making it public. as usual, i am afraid they are only in it for the money. again.
I tend to agree. Nothing would stop them from working with the manufacturers if they truly wanted to. Sure it's tough to get big business to listen, but persistence and the right person would get the companies moving. I guess we will hear more on this one.
I've heard of a version of this where it would take document files and run them as exe files if you double clicked them. Honestly, protecting yourself from these sorts of things is just as easy as avoiding malware from downloading... You simply don't use suspicious devices. The major problem, of course would be if someone like the NSA intercepted packages from China, which makes all our USB stuff, and simply doctoring one of the cables with lookalikes. They've been doing it with usb flash drives for a while, but only recently have they been doing it with cables and other usb connections.
hm. new to me.. naive walrus.. i have run my pc for over 2 years now.. and had no accidents, still as fast as ever. still, i have my doubts about calling prevention easy.. someone like nsa is not like a person to me.. it is like a criminal organisation.. not that i double click on suspect garbage, ohno.. and i have got some loose thoughts about what comes out of asia.. having been employed by huawei at one time.. just would like to mention that i never caught them at getting smart, over time..
interesting, and scary. one problem, imho, is that as soon as these exploits are published every hacker in the world is going to try and reproduce it. there's no way to completely secure a computer accept disconnect from the internet, and that ain't happening. this is just goint to make it harder to try and secure.
The source code (Written in C# and 8051 ASM) is available on GitHub for those who want to take a look at it. I won't publish the link, as this may be against MDL policy. Not all USB devices are compatible for use with this exploit, although I'm sure it will change as hackers start to tinker with it.