Don't Panic Over the Latest USB Flaw

Status
Not open for further replies.

K-beam

Distinguished
Feb 10, 2011
7
0
18,510
"These attacks are easy to avoid with a little common sense and even the most rudimentary antivirus software."
Unless it's a nasty rootkit. I just had one that had gotten through ZoneAlarm and AVG. Solution-reinstall.
 

phil42

Distinguished
Jul 24, 2006
2
0
18,510
this is driving home the idea that these computers that we live our lives on are full of security holes and any or all of us could be the next target
 

rollzroyce22

Estimable
Aug 4, 2014
1
0
4,510
The author does not seem to understand the impact of this. They have reverse engineered the firmware that controls the basic communication functions of USB... The Malware piece was in addition.
 

Kopy-Rite

Estimable
Aug 5, 2014
1
0
4,510
This is far more theoretical -- an improbable -- than many are painting it to be.

There are a half dozen popular USB controllers -- dozens more that are less popular. Each have their own models. SMI, Chipsbank, Alcor, Buildwin, and so on.

They are paired with a HUGE variety of memory in a variety of configurations. Hynix, Samsung, Toshiba, Micron, and so on.

You need to have the proper controller programming tool for the chip, and the proper database of memory chips.

There is not some universal programming tool that would allow your computer to infect any USB inserted into it.
 

rcprimak

Estimable
Aug 5, 2014
1
0
4,510
Kopy-Rite's post is verbatim the same post I've seen in five or six Comments Threads at other websites. I do hope you are right, whoever you really are.

About the article:
"If you buy a new USB stick, it will not come with any unwanted software."
So, you never heard of the notorious Sony Rootkit?

"With some of the world's foremost researchers and hackers on the case, prophylactic and curative measures won't be too far behind."
Care to elaborate on what exactly these measures are? More to the point, if you don't even know what the measures are or could be, how can you be so sure they are not far behind?
Again, I do hope you are right. But I see no evidence that the author of this article even has a basic understanding of the claimed exploit vector.
 
Status
Not open for further replies.