Another month another vulnerability.

LOLZ^ And now back to your corona Fear mongering..........

airbud7:

You park your car at work and start walking to your office building. You look down and see a shiny new 32GB thumb drive lying on the path. You think someone must have dropped it, so you pick it up, put it into your pocket, and go up to your office. Since you’re a good human being, you want to return it to whoever lost it, in case there are important work documents or someone’s novel-in-progress on there. So, you do what most people would do and plug it into your computer in the hopes of finding something on the drive that identifies the owner. This, my friend, is what’s known in the world of infosecurity as a ‘candy drop’ - an intentionally placed USB device dropped in plain sight, which tempts a target to pick it up and plug it in.

Well, COVID-19 Fear ,my firend , will help that person to prevent himself from this kind of mishaps . How? Go figure:p

Having an Intel CPU is more dangerous than running naked through a vaporized COVID-19 cluod.

airbud7:

Beware the stranger with the thumb drive at your computer! And don't take candy from strangers...

if a stranger with a thumb drive makes it to my computer all that the’ll have left is a thumb....

Scratches head, huh? Me no likely! 😕

Intel, the gift that keeps on giving.

airbud7:

You park your car at work and start walking to your office building. You look down and see a shiny new 32GB thumb drive lying on the path. You think someone must have dropped it, so you pick it up, put it into your pocket, and go up to your office. Since you’re a good human being, you want to return it to whoever lost it, in case there are important work documents or someone’s novel-in-progress on there. So, you do what most people would do and plug it into your computer in the hopes of finding something on the drive that identifies the owner. This, my friend, is what’s known in the world of infosecurity as a ‘candy drop’ - an intentionally placed USB device dropped in plain sight, which tempts a target to pick it up and plug it in.

Run a Linux live CD/USB to open it up. Not only will it not run any automated binaries, but even if it does, you've basically got a sandbox OS running entirely in RAM for it to destroy instead of anything actually important. If you find it was honestly someone's missing drive, great - you get to return it. If you find it was a ploy to steal your information or ruin your day, great - just format the drive and now you've got a 32GB drive for free. Win-win.

Kool64:

if a stranger with a thumb drive makes it to my computer all that the’ll have left is a thumb....

Case with teeth? That sounds like guru3D case of the month material!

Crazy Serb:

Case with teeth? That sounds like guru3D case of the month material!

Hey, do you know a guru CrazY_Milojko by chance? I miss him...

schmidtbag:

Run a Linux live CD/USB to open it up. Not only will it not run any automated binaries, but even if it does, you've basically got a sandbox OS running entirely in RAM for it to destroy instead of anything actually important. If you find it was honestly someone's missing drive, great - you get to return it. If you find it was a ploy to steal your information or ruin your day, great - just format the drive and now you've got a 32GB drive for free. Win-win.

What about malware firmware? (Or even a spying SoC instead of plain USB electronics...) PS Nice name for a music band "Malware Firmware", eh?

airbud7:

You park your car at work and start walking to your office building. You look down and see a shiny new 32GB thumb drive lying on the path. You think someone must have dropped it, so you pick it up, put it into your pocket, and go up to your office. Since you’re a good human being, you want to return it to whoever lost it, in case there are important work documents or someone’s novel-in-progress on there. So, you do what most people would do and plug it into your computer in the hopes of finding something on the drive that identifies the owner..

Look we know fine well the only reason anyone is checking out that drive is to see what kind of porn is on it. I would say something stupid like I am glad I went AMD this time round but given that most of these vulnerabilities require what amount to direct access to my computer to be of any reals threat I suspect that the model of CPU I am using would be the least of my concerns.

Crazy Serb:

Case with teeth? That sounds like guru3D case of the month material!

More like an industrial grinder but yes.....

YAY wait BOOO Waits for held line " human" are flawed and are "security risk" head to nears human recycling plant for re purposing. Seriously thought this getting rather stupid they are just looking for flaws at this point and released it to public to cause things, Before the whole Meltdown/spectre thing there was very lil of this news now it like the in thing to do. AMD already had "new" architecture with ryzen, so they spare at lest till all these people that out Intel flaws turn the attention to AMD. Intel been using same architecture for better part of decade with the iX cores? Even if Intel were to announced new architecture ( from the ground up) it would be years before its ready, and even when it is they would just start picking that apart, cause the in thing to to look for flaws. There will always be flaws and security issue in all tech. there no need to purpose go out ones way to find them put all that info out in the public for all to know and make things worse. I get these thing should be fixed, but it shouldnt be outed to public so everyone knows include the shady people that would use those flaws, but didnt know about till it was outted publicly

mbk1969:

What about malware firmware? (Or even a spying SoC instead of plain USB electronics...)

When it comes to firmware, I figure the worst-case scenario is it will either depend on software on the drive itself to do damage, or, it will just simply damage the files on the drive (better that than anywhere else). For example, there are those drives that lie about their capacities - that's basically malware firmware. As for a whole SoC, a live OS will still protect it from doing any real harm if the primary goal is to just see what's on the "drive". There's only so much those things can do.

schmidtbag:

When it comes to firmware, I figure the worst-case scenario is it will either depend on software on the drive itself to do damage, or, it will just simply damage the files on the drive (better that than anywhere else). For example, there are those drives that lie about their capacities - that's basically malware firmware. As for a whole SoC, a live OS will still protect it from doing any real harm if the primary goal is to just see what's on the "drive". There's only so much those things can do.

What about user using the thumb on his main OS after he wiped the thumb (thinking he is safe)?

sverek:

And hope it's not Intel in your pants.

thats a threadripper

Not surprised.....

mbk1969:

What about user using the thumb on his main OS after he wiped the thumb (thinking he is safe)?

I didn't really make it clear when I said this before, but what I meant to say is the firmware likely already depends on binaries stored on the flash memory in order to do something harmful. So if you format the drive, the firmware might still try to execute the binary even though it no longer exists. It might even still log data, but the firmware isn't likely to be complex enough to carry out enough instructions to (for example) encrypt your data and hold it for ransom, or transmit it elsewhere. There are some limitations with the firmware: 1. If you tamper with it too much, it might not be recognized as a generic mass storage device. Normal drivers for it might fail. Unsigned drivers on USB storage is something to be wary of. 2. Firmware is normally stored on something like an EEPROM. Those can get very physically large and expensive every time you double their size. I wouldn't be surprised if the firmware for most flash drives is only 0.5MB. You're unlikely to fit any useful malware on something that small (which is probably why the most common flash drive malware is spoofing the drive's capacity). 3. If the firmware is programmed to send data to another source, it is going to have to depend on the OS to do all the heavy lifting since obviously it doesn't have its own network connection. This can get very complicated to program at such a low level since the filesystem of the drive can affect the legibility of the files, the OS itself needs to understand the instructions sent to it, the security of the OS has to not be alarmed by the instructions, and in some cases, the type of network interface could be yet another obstacle. That sure is a hell of a lot of trouble. 4. If the firmware is programmed to encrypt your data and hold it hostage, that could be done entirely on the drive itself, but it will need a lot of compute power that you probably can't fit in a modern USB chassis. If the onboard CPU is too slow where the user pulls out the flash drive before the data is done being encrypted, it will become corrupt. The goal of ransomware is to make money by giving people their data back. It's not a successful business model if there's no data to return.

This sounds like a Rubber Ducky.