badusb

A deep dive into the technical feasibility of Bloomberg's controversial "Chinese backdoored servers" story

Last October, Bloomberg published what seemed to be the tech story of the year: a claim that Supermicro, the leading supplier of servers to clients from the Pentagon and Congress to Amazon, Apple and NASA, had been targeted by Chinese spies who'd inserted devastating, virtually undetectable hardware backdoors into their motherboards by subverting a small subcontractor in China. Read the rest

Ships are just giant floating computers, filled with ransomware, BadUSB, and worms

A coalition of shipping industry associations has published The Guidelines on Cyber Security Onboard Ships, laying out best practices for the giant ships that ply the seas, and revealing that these behemoths are routinely infected with worms, ransomware, and malware spread by infected USB devices. Read the rest

How many computers are in your computer?

Gwern Branwen asks the deceptively simple question "How many computers are in your computer?" Read the rest

Modechai Guri: the guy who gets data out of airgapped computers

Computers that are isolated from the internet and local networks are said to be "airgapped," and it's considered a best practice for securing extremely sensitive systems. Read the rest

Opsec for a world where the laptop ban goes global

If the Trump administration makes good on its promise to pack all potentially explosive laptops together in a blast-multiplying steel case in the plane's hold, it will be good news for would-be bombers -- and bad news for your data security. Read the rest

USG: an open source anti-BadUSB hardware firewall for your USB port

BadUSB is bad news: malware that targets the firmware in your USB port's embedded system, bypassing the OS, antivirus software and other countermeasures. Read the rest

Usbdriveby: horrifying proof-of-concept USB attack

Samy Kamkar has a proof-of-concept attack through which he plugs a small USB stick into an unlocked Mac OS X machine and then quickly and thoroughly compromises the machine, giving him total, stealthy control over the system in seconds, even reprogramming the built-in firewall to blind it to its actions. Read the rest

E-cigs and malware: real threat or Yellow Peril 2.0?

After a redditor claimed to have gotten a computer virus from factory-installed malware on an e-cig charger, the Guardian reported out the story and concluded that it's possible. Read the rest

Fixing the unfixable USB bug

Security experts have been haunted by the prospect of unpatchable, potent, fundamental bug in USB devices; the tension only heightened when sourcecode for an exploit went live last week. Read the rest

Sourcecode for "unpatchable" USB exploit now on Github

Last summer's Black Hat presentation on "Badusb" by Karsten Nohl alerted the world to the possibility that malware could be spread undetectably by exploiting the reprogrammable firmware in USB devices -- now, a second set of researchers have released the code to let anyone try it out for themselves. Read the rest

:)