* Posts by diodesign

962 posts • joined 21 Sep 2011

Plug and PREY: Hackers reprogram USB drives to silently infect PCs

diodesign
(Written by Reg staff) Silver badge

Re: Re: I call semi-bollocks

"This isn't a tool for the S'kiddies, this is potentially grown-up stuff."

Absolutely. This isn't for Anonymous. This is for cops and g-men. Strike up a conversation with someone at a conference, you've had a few beers, he or she suggests you whack in a USB stick to copy over some stuff you'd be interested in. You're savvy, you know you've disabled autorun and open documents in a VM or a non-sensitive machine. You're confident.

Doesn't matter in this case. Game over.

C.

2
0
diodesign
(Written by Reg staff) Silver badge

Re: This is nothing new... this has been done for years!

"This type of hack has been done for years."

Again, like the modified mouse above, this is custom hardware. You have one evil USB plug, there. Just one. What are you going to do? Go around plugging it into everyone you want to pwn?

With this BH exploit automated, you can modify USB sticks using purely software again and again and again, whenever a device with a supported micro-controller is plugged in to an infected PC. That's the point of this BadUSB.

"We need better reporting."

I need a better reader.

C.

4
0
diodesign
(Written by Reg staff) Silver badge

Re: Errmm.. old news?

"There was stuff about this *years* ago. I saw a demo of an 'infected' USB mouse infecting a PC it was plugged into"

You're talking about this? Look at it. It's been *physically* modified. This BH talk is about rewriting the firmware in an undetectable manner.

Imagine automating the process of rewriting the firmware using just software: every time a supported stick is plugged in, and your malware is on the PC, you get to infect the stick's firmware silently and reliably.

Which means, in theory, you can spread your software nasty from thumb drive to thumb drive (if they're using supported micro-controllers), creating an infection.

Having said that, this process is not /that/ new - see the links in the story to older presentations. What I believe is new here is reliable and realistic firmware rewriting that can be demonstrated on stage and weaponized.

C.

4
0
diodesign
(Written by Reg staff) Silver badge

Re: Michael C

"I may be missing something but how does the malware get on the USB device in the first place?"

I imagine you reverse engineer a vendor tool that updates the firmware, so you can see the magic packets needed to put the device into program mode. You then either read the firmware off the chip (if poss) or download a firmware update and work out what the raw binary is.

From there, you work out how the chip works internally: where registers are and so forth. You add in your new code, hook it up so it runs, and then upload that modified firmware to the controller in program mode.

Now you're all set. After that, make sure the PC malware you install has the capability of automating the above. And now you're cooking on gas.

IMHO it's the reverse engineering of the firmware and the firmware programming that's impressive. You shouldn't trust USB sticks anyway on machines that are sensitive. If you genuinely care about information security, you'd compartmentalize your data and systems so that plugging a random USB thing into your gaming PC doesn't screw over your machine with your PGP keys.

C.

8
0

Strange invite received from @sitpub.com citing one comment of mine

diodesign
(Written by Reg staff) Silver badge

Re: Strange invite received from @sitpub.com citing one comment of mine

Thanks. Can you tell me, please, who that was so I can follow it up? Email cwilliams @ theregister dot co dot uk, thanks.

FWIW Sitpub stands for Situation Publishing, the biz wot does The Register.

C.

0
0

Secure microkernel that uses maths to be 'bug free' goes open source

diodesign
(Written by Reg staff) Silver badge

Re: Clarifications

"We're using it in HACMS"

OK - I've tweaked the article.

C.

0
0

HGST polishes Ultrastar SSD whoppers, stuffs with denser Intel flash

diodesign
(Written by Reg staff) Silver badge

Re: ... 50year warranty period ...

No, it's a typo.

C.

2
0

Google devs: Tearing Chrome away from OpenSSL not that easy

diodesign
(Written by Reg staff) Silver badge

Re: bar

"At least you have a couple decent ones pretty close to your office"

Being based in San Francisco, we were at a rowdy place in the Mission, 16th and Valencia actually. The thing about having smartwatches and smartphones is that work emails (particularly corrections@ which we take seriously) tend to catch our eye even after a few jars of Anchor Steam.

Anyway, in the sober light of day I've taken the manual mod off Brian Scott poster's account. But please do keep pinging the corrections address - we'll pick 'em up night and day :)

C.

1
0
diodesign
(Written by Reg staff) Silver badge

"Actually, that's OpenBSD not NetBSD"

So why didn't you email corrections@theregister.co.uk? So you'll find all your comments moderated from now on. Well done.

It was fixed as soon as we spotted the mistake - in fact, it was corrected while we were in the bar after work.

C.

4
5

Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold

diodesign
(Written by Reg staff) Silver badge

Re: bunch of tw@ts

"Would this kind of thing earn me a letter"

No, I don't think that sort of file is on the BPI et al radar.

C.

0
0

The triumph of VVOL: Everyone's jumping into bed with VMware

diodesign
(Written by Reg staff) Silver badge

Re: Re: #Dell / Equallogic

"Chris just didn't reach out to us for this story."

Full disclosure: LJL is a Dell employee.

C.

0
0

HP's Machine and IBM's $3bn R&D splash – aka how to survive Google

diodesign
(Written by Reg staff) Silver badge

Re: I Ask

We don't know yet beyond Machine will use a mix of standard processors (x86 or ARM, say), and then custom silicon to finish the job.

C.

1
0

YouTube radio stream boss 'quits Google' amid outcry from indie labels

diodesign
(Written by Reg staff) Silver badge

Re: Curious..

When we find out, we'll let you know.

C.

3
0

HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert

diodesign
(Written by Reg staff) Silver badge

Re: No, they're not sekret spying tools

"pcapd - so top sekret it's been a documented developer tool for years"

No - the developer doc you linked to is about analyzing traffic from another device on the network, not by the device itself which is what pcapd does, allegedly. The doc you linked to says "iOS does not support packet tracing directly". That's contradicted by Jonathan's claims.

The other things you link to are not documented by Apple officially (AFAIA). They may well have been known for a while. There's no harm in a serious security researcher joining up all the dots for everyone.

Unless you're just happy doodle dandy with everything as it stands.

C.

21
0

New BOMB detect-o-tech 'could give sniffer dogs competition': TRUE

diodesign
(Written by Reg staff) Silver badge

Re: Great article.

No.

C.

1
0

NASA: ALIENS and NEW EARTHS will be ours inside 20 years

diodesign
(Written by Reg staff) Silver badge

Re: Bob

Perl is perfection. No need to improve it.

C.

0
0

Own a Cisco modem or wireless gateway? It might be owned by someone else, too

diodesign
(Written by Reg staff) Silver badge

The HTTP remote management is on by default. And there is no workaround.

C.

1
0

OpenWRT gets native IPv6 slurping in major refresh

diodesign
(Written by Reg staff) Silver badge

Re: Come on!

The key thing is DHCPv6 from what I can tell. I've tweaked the article.

Don't forget to email corrections@theregister.co.uk - your comments won't be seen and articles won't be fixed unless someone drops us a note. And we all want articles accurate, right?

C.

3
0
diodesign
(Written by Reg staff) Silver badge

Re: Daniel Palmer

Yeah it was a typo - should be 3.10. Don't forget to email corrections@theregister next time.

C.

1
0

YES: Scotland declares independence ... from the dot co dot uk empire

diodesign
(Written by Reg staff) Silver badge

Re: Or just plain offensive?

I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.

C.

3
0

Virty server bones thrown: Gartner mages see Microsoft rising

diodesign
(Written by Reg staff) Silver badge

Re: What A Load Of Shit

I was going to take your comment seriously, then I saw your username.

C.

2
0

Two years in the making: Sneak peek at VMware's future VVOL tech

diodesign
(Written by Reg staff) Silver badge

Re: NetApp is also a preferred design reference partner

Full-disclosure: gps1539 works for NetApp.

C.

0
0

Female! ex-Yahoo! coder! says! female! boss! fired! her! for! refusing! sex!

diodesign
(Written by Reg staff) Silver badge

Re: Digital Sex

"When I saw this story on the Daily Fail"

FWIW on the time delay: we saw this story first emerge on Friday evening (California time), but held off until we were able to obtain the court filing this morning. Just to check, y'know.

C.

14
0

Get ready for LAYOFFS: Nadella's coma-inducing memo, with subtitles

diodesign
(Written by Reg staff) Silver badge

Re: I can't believe

"I wasted a few minutes reading Nadella's memo"

We did warn you!

C.

13
0

Amazon Zocalo rocks Box, socks DropBox, clocks Google Docs

diodesign
(Written by Reg staff) Silver badge

Re: Most obnoxious article title in history

Thanks!

C.

4
0

Too Much Clickbait

diodesign
(Written by Reg staff) Silver badge

Re: Too Much Clickbait

"Please stop being so clickbaity"

Ah, it was a joke; a sendup of stupid headlines that claim you can make $$$s with one weird trick. Can't you tell it was out of style? Every word was capped up, and it's like no other headline on the front page.

"Jokey headlines - great"

This must be what it feels like to tell a joke on stage and be met with silence.

C.

0
0

What's your game, Google? Giant collared by UK civil lib minister on 'right to be forgotten'

diodesign
(Written by Reg staff) Silver badge

Re: Re: right to change history

"this no-body MP"

As a point of order, he's the Minister of State for Justice and Civil Liberties; deputy leader of the Lib Dems; Lib Dem president; and been an MP since 1983.

C.

6
3

Vid shows how to easily hack 'anti-spy' webmail (sorry, ProtonMail)

diodesign
(Written by Reg staff) Silver badge

Re: "Roth had notified them about the hole via Twitter"

Actually, Roth contests what ProtonMail suggested - and said he emailed in the vulns.

https://twitter.com/StackSmashing/status/468221482150404096

C.

3
0

Google de-listing of BBC article 'broke UK and Euro public interest laws' - So WHY do it?

diodesign
(Written by Reg staff) Silver badge

Re: So is Andrew in favour of the law...

Yes - on both counts.

C.

1
0
diodesign
(Written by Reg staff) Silver badge

Re: Radio 4 this morning.

"this article seems to have ignored this event"

If Barron is correct then it's even more crazy - because it's a misunderstanding by Google of the ECJ ruling. Either way, newspaper articles were delisted, not just Peston's blog post, so Andrew's point remains.

C.

1
4

When PR backfires: Google 'forgets' BBC TV man's banker blog post

diodesign
(Written by Reg staff) Silver badge

Re: How is this Google's fault?

"It's bizarre that the author is trying to blame Google for this"

Reread the article - it's about Google's reaction to the ruling.

"You can bet that if Google could get away with waiting for a court order every time, they would"

Absolutely, so why isn't Google doing just that? Is it worried if it bats every request away the Euro authorities will get mad and fine it?

This is multibillion-dollar Google. It's not poor ickle Google in a Stanford garage being picked on by horrible nasty internet people, no matter how many cutesy doodles it comes up with.

C.

3
5
diodesign
(Written by Reg staff) Silver badge

Re: Stupid decision, stupid story, stupid people

"So we get stories like this"

I think you've misread this article and Peston's.

C.

3
3

Use Tor or 'extremist' Tails Linux? Congrats, you're on an NSA list

diodesign
(Written by Reg staff) Silver badge

Re: coming round for a chat

"Is that documented?"

I believe we tweeted about it - but yes, a friendly top-level chap from the DA-Notice committee (part of the MoD) came around for a chat in the wake of Duncan Campbell's GCHQ coverage. It was to share advice, rather than impose rules or guidelines.

C.

6
0

Google policy wonk patronises Brits over EU search biz probe

diodesign
(Written by Reg staff) Silver badge

Re: Re: Over the top?

Daggerchild, the only person here using the words Google and evil is you.

C.

1
1
diodesign
(Written by Reg staff) Silver badge

Re: Over the top?

"Guys, can you please stop with the over the top Google hate?"

No, and it's not hate. It's healthy criticism and scrutiny.

Google is the biggest thing on the web; it has near-unlimited power over the day-to-day internet lives of countless millions. Yes, it does a lot of good, but that doesn't give it a free pass. Gigantic corporations need to be kept in check, and that's why we keep the screws turning.

C.

3
1

Running Cisco's VoIP manager? Four words you don't want to hear: 'Backdoor SSH root key'

diodesign
(Written by Reg staff) Silver badge

Re: Hang on a minute…

As per the Cisco advisory:

"The vulnerability is due to the presence of a default SSH private key, which is stored in an insecure way on the system"

:-(

C.

8
0

Sorry, chaps! We didn't mean to steamroller legit No-IP users – Microsoft

diodesign
(Written by Reg staff) Silver badge

Re: Interesting...

"So, have Microsoft realised they have dropped a big one here and handed the domains back to noip?"

That appears to be the case - we're following this story up.

C.

3
0

Trick-cyclists defend Facebook emoto-furtling experiment

diodesign
(Written by Reg staff) Silver badge

Re: Facebook broke the law.

"The author's bias is absurd."

I think Richard is being sarcastic.

C.

0
0

Microsoft's anti-malware crusade knackers '4 MILLION' No-IP users

diodesign
(Written by Reg staff) Silver badge

Re: skelband

"Is there something missing from the story?"

No, but the whole thing is baffling. It's all there and in the linked-to court documents. Microsoft claimed some of the subdomains use MS protected marks, and that No-IP's service was being used to cause:

"the unlawful intrusion into, infection of, and further illegal conduct involving, the personal computers of innocent persons, thereby causing harm to those persons, Microsoft, and the public at large."

So a judge in Las Vegas thought applying the restraining order, and redirecting the nameservers to MS's DNS systems, was just.

C.

9
0

Street View Wi-Fi slurp nightmare: US Supremes snub Google's appeal

diodesign
(Written by Reg staff) Silver badge

Re: Yeah, right..

The wheels later fell off that one rogue engineer claim.

C.

4
0

And now for someone completely brilliant: Stephen Hawking to join Monty Python on stage

diodesign
(Written by Reg staff) Silver badge

Re: PaulyV

You're right - article amended.

C.

0
0

What's it like using the LG G smartwatch and Android Wear? Let us tell YOU

diodesign
(Written by Reg staff) Silver badge

Re: Andrew Jones 2

"Journalists reporting / reviewing the Android Wear watches are doing a terrible job so far"

Iain has used the watch for, literally, a day or two. We normally spend a week or longer when preparing a review. As the article says, it's a first look. A review will follow. I'll take your point about the price though and add it in.

C.

3
0

Supermodel Lily Cole: 'I got a little bit upset by that Register article'

diodesign
(Written by Reg staff) Silver badge

Re: Jim 59

"Articles like this indicate that not all is well at Vulture Central."

In what way?

C.

0
0

YouTube will nuke indie music videos in DAYS, says Google exec

diodesign
(Written by Reg staff) Silver badge

Re: Anti-Google hysteria

"Google are renegotiating contracts for ALL labels."

Yes, but not all labels are treated equally. That's why the indies are upset.

C.

0
0

Slippery Google greases up, aims to squirm out of EU privacy grasp

diodesign
(Written by Reg staff) Silver badge

Re: TopOnePercent

"simply disappearing from this story?"

No comments have been rejected AFAICT ... and we reserve the right to pre-mod comments on certain articles, subjects, authors, etc. Meta-discussion can be safely done in the feedback forums, ta.

C.

0
0

WORLD CUP SHOCK: England declared winner in 2-1 defeat to Italy

diodesign
(Written by Reg staff) Silver badge

Re: Anonymous coward

No pleasing some people.

C.

6
0
diodesign
(Written by Reg staff) Silver badge

Re: More socially needier?

Yeah, all right - should have caught that but it was gone 5pm and my brain was thinking about wine. Don't forget to email corrections@thereg if you spot any errors.

C.

1
0
diodesign
(Written by Reg staff) Silver badge

Re: #thereferee'sawanker

My desire to be grammatically correct overruled hashtag bollocks.

C.

12
0

Ukrainian teen created in lab passes Turing Test – famous nutty prof

diodesign
(Written by Reg staff) Silver badge

Re: Mike

"I wonder if Prof Cyborg will deign to publish his results in a peer-reviewed journal"

I hear the results from Saturday will be put into a paper of some sort. Waiting for the university to get back to me. I gather the uni denied the Telegraph access to the transcripts, so this could turn interesting.

C.

4
0
