[Solved] Secure USB writables... the "new" floppy?

[fullmoonremix]

Salutations...

More reasons NOT to boot with USB writables (eg. Stuxnet )...
http://arstechnica.com/security/2013/10 ... s-airgaps/
https://www.schneier.com/blog/archives/ ... e_has.html

It seems there is only ONE reason to boot with USB writables...

The Rolls Royce of USB writables IF used responsibly. This means operating system only (NO storage use except OS persistence) and ALWAYS booting LOCKED (read ONLY switch!!!)...
https://www.kanguru.com/storage-accesso ... ware.shtml

"Best Regards"...

Posted by 73.150.85.78 via http://webwarper.net
This is added while posting a message to avoid misusing the service

[Evan]

<removed>

[Rava]

I read the post by Dan Goodin you linked above and looked at what wikipedia has to say about BadBIOS

BadBIOS is an alleged advanced persistent threat reported by network security researcher Dragos Ruiu in October 2013[1] with the ability to communicate between instances of itself across air gaps using ultrasonic communication between a computer's speakers and microphone.[2][3] To date, there have been no proven occurrences of this malware.

Highlight by me.

Also, interesting read: Talk:BadBIOS

[fullmoonremix]

Salutations...

"more REASONS..." :no:https://en.wiktionary.org/wiki/reason

A motive for an action or a determination.

This thread title does NOT argue for or against badBIOS nor is it the focus. This thread title (and subsequently the thread itself) 'questions' USB vunerablities.
Contingency is risky... convenience is riskier. Therefore... some of the issues badBIOS raises illustrate this.

Not for nothing... the other link was for "badUSB". In any case regarding the specter of vulnerability...

known??? http://www.theregister.co.uk/2013/11/01 ... ng_badbios

...malware can prevent a machine from booting from CD, can stop system administration software from working, and attempts to burn evidence of the nasty onto optical media is thwarted by the rootkit – which, we're told, can hook into classic BIOS, EFI, and UEFI firmware.

known... http://www.infoworld.com/article/260962 ... -real.html

Each malicious scenario revealed by Ruiu is possible. This is perhaps the most frustrating part.

known... http://arstechnica.com/security/2013/10 ... s-airgaps/

As a security professional, the organizer of the internationally renowned CanSecWest and PacSec conferences, and the founder of the Pwn2Own hacking competition, he is no doubt an attractive target to state-sponsored spies and financially motivated hackers.

known... http://blog.erratasec.com/2013/10/badbi ... ained.html

What hackers can do is overwrite the BIOS flash memory, adding their own code that runs on startup.

Each microcontroller has its own flash memory and "firmware", most of which can themselves be updated.

"Everything Dragos describes is plausible. It's not the mainstream of 'hacking',

known... https://nakedsecurity.sophos.com/2013/1 ... the-story/

Spreading via USB sticks, like Stuxnet did, would surely be a satisfactory explanation on its own (though the part assuming automatic code execution via USB on multiple operating systems sounds highly speculative, too).

known... http://www.infoworld.com/article/289169 ... -real.html

The NSA's recently revealed firmware hack is another matter. Although the revelations may be startling to some, there are two big reasons why it is demonstrably real...

IMHO... "air gapping" although perhaps plausible @ this time is still Proof of concept

see...
http://www.jocm.us/uploadfile/2013/1125 ... 803901.pdf
http://www.theregister.co.uk/2013/12/05 ... g_malware/


"Best Regards"...

Posted by 73.150.85.78 via http://webwarper.net
This is added while posting a message to avoid misusing the service

[Rava]

Oh you can quote reasons? I can quote some peoples minds, like so:

Know-it-all
Besserwisser
http://www.dict.cc/?s=Klugschei%C3%9Fer
http://www.dict.cc/?s=Dummschw%C3%A4tzer
____________________________________


And what you say is wrong, you only mentioned the BadBIOS in your initial post, trying to construct a connection between the unproven theory (have you read the wikipedia article and its discussion page?) about BadBIOS?

You gave no more arguments than that, and I replied to your lack of prove, lack of argumentations, lack of any substance.

And you quote the definition of "reason". Sure, because you did fail in trying to create a connection between BadBIOS and USB writeables, but you are not able to prove that theory. Are you beginning to troll us?

Cheers

It is obvious that I called no one names, and I will not do so. The people's own actions is what will finally show their true self to the world.

[fullmoonremix]

Again... this is dialogue NOT debate. A question has been raised. There is NOTHING to prove/disprove.

By belief I am agnostic. Proof or lack thereof is meaningless in the face of the unknown.
However... the unknown still raises questions about things known.

In life all man can do is adapt... which is why death was invented.
It's a motivator for children to help them grow up.

You are a mod. Your role and mandate is to answer to a higher standard.
One of those standards is disagreement (if any) NOT... "disgreeable".

Again... if you have questions ask the magic one. (ie. "What do you mean?")
Going back to antiquity... most wars were the result of failing to ask that question.

In regard to trolling... raising questions is NOT trolling. FAILING to ask the "magic" question IS trolling.

Posted by 73.150.85.78 via http://webwarper.net
This is added while posting a message to avoid misusing the service

[Rava]

fullmoonremix and me moved our discussion to PM.

[brokenman]

More reasons NOT to boot with USB writables

It's not the fact that they are writable. This nasty hides in the firmware of the device, regardless of partition writability. I wrote about this badbios thing some time back. Nasty business, but on the other hand it also may well have been a hoax. I don't think we will ever know.

I guess the reason USB devices are targeted lies in them being small and convenient. The vulnerability part is the human. A more apt title would have been, "More reasons not to boot with a USB you found in the car park at work, or received as a promotional gift from an ex girlfriend"

[fullmoonremix]

Salutations...

Alas... that thread title would overlook anything internet facing such as internet cafes... hotel/fast food hotspots... kiosks... etc.
The vulnerability like with floppies... is not the device at all it's the writablity (more specifically... "bootabilty") itself.

The goal of a bug is survival. If the environment is static it will retaliate by forcing writability (shutting down the static boot).
I've been wrestling with this issue for over 3 decades and the common denominator always comes back to the same default.

If static media (eg. "locked/burnable") although not a panecea at least a smaller vector. If "writable" anything you plug it into could open a door.
Regardless of the device's origin (purchased or otherwise)... the attack vector is drastically increased when a writable device is made bootable.

This is also true of burnable media with the glaring difference... that if the origin is pristine (sequestered) it remains so.
This is why a reputable paid OS disk service may be an attractive although modestly expensive option.

IMHO... I strongly endorse the use of burnable media (ie. cd/dvd) as a viable option to reduce attack vector surfaces.
I would rather tether to an external burner and use the "copy2ram" cheatcode to eject and untether it... than use a USB writable.

"Best Regards"...

Posted by 73.150.85.78 via http://webwarper.net
This is added while posting a message to avoid misusing the service

[Rava]

More reasons NOT to boot with USB writables
It's not the fact that they are writable. This nasty hides in the firmware of the device, regardless of partition writability. I wrote about this badbios thing some time back. Nasty business, but on the other hand it also may well have been a hoax. I don't think we will ever know.

Exactly, and since any USB device can have a writeable firmware, many folks who disallow any non issued USB storage device (like the US military) are okay with the people bringing the "official" USB devices like mouse and keyboard, forgetting that was makes thes things seemingly "official" is just the writeable firmware, and a hacker or cracker can make any USB device to have the UUID he wants, and then most military or security branch would accept that device. "It has one of the official allowed UUIDs, so it cannot be of danger"...

[Evan]

<removed>

[fullmoonremix]

Salutations...

I strongly endorse the use of burnable media (ie. cd/dvd) as a viable option to reduce attack vector surfaces.

Caveat... I also strongly endorse writables for what they do best. What they are best @ is "storage"... what they are worst @ is "booting". This has been the case since 5.25 floppies and continues.

"Best Regards"...

Posted by 73.150.85.78 via http://webwarper.net
This is added while posting a message to avoid misusing the service

[fullmoonremix]

Salutations...

If used RESPONSIBLY write protected USB's (floppies were once used for DOS rescue disks) could be an alternative...
http://www.ebay.com/itm/152045161493?_t ... EBIDX%3AIT
http://www.ebay.com/itm/291671956164?_t ... EBIDX%3AIT

"Best Regards"...

[brokenman]

Since before the birth of Porteus I have used writable USB devices moving from machine to machine happily booting and have never had a problem with any of these rootkits/virii/malware jumping onto my devices. Most computers have a writable boot partition. I have had a problem plugging them into public windows machines at which point they can become immediately infected.

I guess I just don't get the paranoia and scare mongering about booting Porteus from writable devices. That's what it was designed to do.

[fullmoonremix]

Salutations...

As I have stated before... Porteus is not being villified nor should it ever be. There is absolutely nothing wrong with Porteus. What has been suggested is true for any OS on any architecture.
As always... the context is attack vector surface smaller as opposed to larger. Numerous studies have been done on writable media regarding this for many years.

The idea is... it's usually preferable to buy the umbrella before it starts raining (unless the guy down the block is building an Ark?).
The point is not fear or paranoia it is proactivity and contingency.

One of the biggest problems with malicious code are false positive(s)/negative(s).
Hence... as they say "the greatest trick the devil played on man was to make him think he does not exist".

I have used many systems both secure and otherwise for many years. What I describe is from actual encounters (by me and others) many long before
I became CompTIA A+ Tech certified (a nasty one I defeated in '93 that Norton advised to ship to their forensic facility) that usually manifest in static environments.

These problems have probably existed since the beginning of modern computing and will likely continue (I'm sure Alan Turing had to wrestle with these early constructs).
Right now there is probably some moron somewhere working on the next generation of Stuxnet or whatever ready to release it into the wild to amuse himself.

Unfortunately... this the age of NSA... Stuxnet... Snowden... Anonymous... Darknet... vulnerable power grids and infrastructure... etc.
The bottom line is... in the "wild" there are lots of clever people doing many disagreeable things.

"Best Regards"...