Facebook should be no surprise to anyone…

Seriously, if you hadn’t figured out long ago that you were the product Facebook was selling, you were not paying very much attention.

Remember all those pictures you uploaded to Facebook? If you read the terms of service, you will find that Facebook reserves the right to do anything they want with them, including using them in advertising.

Or collect biometric data from them.

Travel Tip

I recently saw a list of travel tips for nerds. One was that TVs in hotels have USB ports that are typically powered ports, so you can use them to charge your various devices.

Good tip. I would still advise using a USB condom (a charge-only adapter that passes power but blocks the data lines) because, like most devices in the IoT world, most Internet-capable TVs lack even basic cybersecurity features.

The perils of USB

USB has been great.  Connect anything to your system, it’s usually auto recognized, so it fits that useful category of “stuff that just works.”

Now Wired has pointed out that from a security standpoint, USB has some serious, fundamental flaws. In other words, you may be completely and utterly screwed.

It’s not just that malware may be lurking on USB memory devices, perhaps even installed at the factory. A couple of clever lads have figured out how to reprogram the firmware that controls just about any USB device, which is pretty much like giving them the keys to the Kingdom. Here are some of the scary highlights from the article.

“Because BadUSB resides not in the flash memory storage of USB devices, but in the firmware that controls their basic functions, the attack code can remain hidden long after the contents of the device’s memory would appear to the average user to be deleted.”

I’m waiting for the standalone device that reads and reflashes USB firmware to hit the IT market at an obscene profit margin.

Wait! It gets worse.

The problem isn’t limited to thumb drives. All manner of USB devices from keyboards and mice to smartphones have firmware that can be reprogrammed—in addition to USB memory sticks, Nohl and Lell say they’ve also tested their attack on an Android handset plugged into a PC. And once a BadUSB-infected device is connected to a computer, Nohl and Lell describe a grab bag of evil tricks it can play. It can, for example, replace software being installed with a corrupted or backdoored version. It can even impersonate a USB keyboard to suddenly start typing commands. “It can do whatever you can do with a keyboard, which is basically everything a computer does,” says Nohl.

The malware can silently hijack internet traffic too, changing a computer’s DNS settings to siphon traffic to any servers it pleases. Or if the code is planted on a phone or another device with an internet connection, it can act as a man-in-the-middle, secretly spying on communications as it relays them from the victim’s machine.

So the new mantra is don’t let your keys or any USB device out of your sight.
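Since the article's core point is that a reflashed device can present itself as a keyboard or a network adapter, one defensive check is to compare the interface classes a device enumerates against what you expect on that port. The sketch below is an added example, not from the Wired article or the researchers; the sample inventory and the per-port expectation table are constructed, and the input layout assumes the Linux sysfs `bInterfaceClass` files.

```python
"""Flag USB devices that enumerate interface classes the operator did not expect."""
from collections import defaultdict

# Interface class codes from the USB-IF class list.
CLASS_NAMES = {0x02: "cdc-control", 0x03: "hid", 0x08: "mass-storage",
               0x0A: "cdc-data", 0xE0: "wireless/rndis"}
# Capabilities the article describes a reflashed device abusing:
# keystroke injection (HID) and traffic redirection (network adapter).
RISKY = {0x02, 0x03, 0x0A, 0xE0}


def group_interfaces(sysfs_entries):
    """Map a 'bus-port' device id to the set of interface classes it exposes.

    sysfs_entries: {"1-2:1.0": "08", ...}, i.e. the contents of
    /sys/bus/usb/devices/<bus-port>:<config>.<iface>/bInterfaceClass.
    """
    devices = defaultdict(set)
    for iface, hex_class in sysfs_entries.items():
        devices[iface.split(":", 1)[0]].add(int(hex_class, 16))
    return dict(devices)


def audit(sysfs_entries, expected):
    """Return {device: [unexpected class names]} for every device that
    exposes a risky class not listed for its port in `expected`."""
    findings = {}
    for dev, classes in group_interfaces(sysfs_entries).items():
        extra = (classes & RISKY) - expected.get(dev, set())
        if extra:
            findings[dev] = sorted(CLASS_NAMES[c] for c in extra)
    return findings


# Constructed sample: 1-1 is the real keyboard, 1-2 is a "thumb drive" that
# also enumerates a keyboard, 1-3 is a "charging phone" that also enumerates
# a network adapter next to a vendor-specific (0xff) interface.
SAMPLE = {"1-1:1.0": "03", "1-2:1.0": "08", "1-2:1.1": "03",
          "1-3:1.0": "ff", "1-3:1.1": "e0", "1-3:1.2": "0a"}
EXPECTED = {"1-1": {0x03}}  # hypothetical policy: only this port may present HID

if __name__ == "__main__":
    for dev, extra in audit(SAMPLE, EXPECTED).items():
        print(f"{dev}: unexpected interface class(es): {', '.join(extra)}")
```

This only catches a mismatch that is visible at enumeration; a device that replaces an expected keyboard on its own port, or that stays dormant until later, will pass this check.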