Thursday, July 31, 2014

What I am reading 7/31/2014 - Bad USB, Bad, Bad, Naughty USB

I know I use that joke a lot but it just always seems to fit so well. 

Gizmodo - USB Has a Fundamental Security Flaw That You Can't Detect 
"You can give it to your IT security people, they scan it, delete some files, and give it back to you telling you it's 'clean... [But these] problems can't be patched. We're exploiting the very way that USB is designed."
The kicker is that it's virtually impossible to check whether a device's firmware has been tampered with, and even if it was, there's no single trusted version of it to check against. It's also worth pointing out that it can travel both ways: a USB stick could infect a computer with its malware, say, and the PC could then infect any USB device plugged into it.
Sweet!  And this isn't just USB flash drives.  It's any device with a USB controller chip, which means basically any USB device - mice, keyboards, headphones, flashdrives, anything.

Hacker News - More than 10,000 medieval manuscripts online -

Fantasy RPGers seeking some flavor for your games - Attack!!!!

Techspot - Hackers have compromised the once anonymous TOR network -
 it looks as though the network was compromised earlier this year along with some user data, according to a recent Tor developer blog post. It also said that those who used Tor between early February and July 4th of this year "should assume" they have been in some way affected by the attack.
The group goes on to say that the unknown attackers were able to gather information regarding hidden sites users were visiting (like Silk Road for example) and that there may well have been other parts of the network that were compromised as well. 

What can I say the internet is inherently insecure.  You use it at your own risk.

Infosec Institute - The Ramp with 5 Levels: Top 50 Network Administrator Interview Questions -
we will once again be dividing up different questions you may face in a Network Admin interview into 5 levels- least experienced to most experienced.
Here is one question from each level -

1.  What is the difference bewteen a hub and a switch?
2.  What is a Firewall?
3.  What are sticky ports?
4.  What are shadow copies?
5.   Why would you virtualize systems?


Post a Comment

OSCP and Defcon26

First - I was thinking my OSCP course started on the 27th, nope it starts on the 19th.  I would have missed it except i decided to double ch...