Las Vegas locks down ahead of DEF CON hacking conference Businesses in Las Vegas are locking down their systems as hackers fly into the fetid hell of Sin City for a trio of security conferences. This week the BSides conference, Black Hat, and DEF CON are all in town and folks here are worried that their computers are going to be thoroughly subverted by visiting miscreants. Caesars …
Virus scanners can only catch known threats or their derivatives (is that the right word ?), so if an enterprising hacker creates something knew, the scanners won't catch it.
BTW if I'm wrong on this I'd love some education. I assume this is how it works; scanners only know what to look for because of a database and the way they act. If there's more to it than that, I'd love to learn
Virus scanners (pretty much all flavours) claim to use heuristic analysis of the binaries to detect likely threats. The main problem is that the bastards who write the malware can easily see if their code triggers some pattern and write some diversion to trick the heuristic pattern matching and then you get a game of cat and mouse.
I would trust email over USB too. The USB interface was designed in a more trusting time*, so if it claims it is an Ethernet card then many OSes will immediately start sending it traffic. If it had a built in 4G then it could easily MitM. Or it could emulate a keyboard and send the shortcut keys to do whatever the logged in user can do. They might even be able to do some interesting trick pretending to be a sound card and sending voice commands as if it was a microphone input. And that is without physical damage. There is a USB stick that you can buy that basically has a capacitor inside. It takes charge for a short time, then unloads all that energy on a few chips expecting 5V 1A maximum.
At least with email, they would have to embed a font in the PDF to pwn the machine.**
*It is fort Knox compared to FireWire though.
**And I wish that was a joke
Maybe UPS has a smart tech guy who set up an machine with TAILS or a similar live read-only OS. Box is connected just to the Internet for fetching those mails with attachments and prints to a printer hooked up bia USB. No connection tomrest of machines / printers. If something b0rks salvation is just a reboot away.
That would probably the smartest solution. Apart from just placing a cheap Staples printer on the counter and telling DefConites to install drivers and just connect to their own machine.
To prevent unauthorized network usage during the DEF CON Hacking Conference, guests must follow our enhanced security protocol:
1. Log into the public WiFi portal using your full name, email address, and Social Security Number.
2. Check your email. We will send you a link to download a small authorization program.
3. Download and run the attachment while logged in as an Administrator / root user.
We apologize for any inconvenience.
This USB stick can destroy most computers in seconds - usbkill.com (url purposely non-clickable)
There are several YouTube videos if you want to see how deadly those things are - https://www.youtube.com/results?search_query=usb+killer
If you knew (or at least thought) that the security - people, process, tech - around your mail was more robust than your web or endpoint/USB then it'd be a fair statement to make. This isn't just about unknown malware and technical controls, it's about the nature of the interaction with 'front desk' personnel at that or other sites and the increased likelihood for 'gaming' with such a glut of security personnel in town.
The Register - Independent news and views for the tech community. Part of Situation Publishing
Biting the hand that feeds IT © 1998–2022
