Letune
Newbie
Offline
Activity: 4
Merit: 0
|
|
August 01, 2014, 05:23:26 AM |
|
Thats a little distubing to know since I used to have (actually still do have) alot of USB sticks that I got from people or found. I thought "oh since i format I'll be fine" and then reading that. my trashcan got a little fuller.
|
|
|
|
|
|
|
|
|
You can see the statistics of your reports to moderators on the "Report to moderator" pages.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
2112
Legendary
Offline
Activity: 2128
Merit: 1065
|
|
August 01, 2014, 04:27:35 PM |
|
I thought "oh since i format I'll be fine" and then reading that. my trashcan got a little fuller.
If you didn't throw away your trashcan yet: take those USB sticks out, clean them and donate them to a local charity. They are still useful for non-paranoid people.
|
|
|
|
Beliathon
|
|
August 01, 2014, 04:58:26 PM |
|
Technology is almost advancing too quickly for our own good. If you really think about it, the amount of technological advances in the last 20 years alone, is probably more than the past 100 years combined...
The nuke was really the epitome of this truth. What will the next super-weapon be? What will the world look like in the post-atomic era, if we don't find a way to stop governing our world with violence and start governing it with reason? The BTC in my brain is for long term storage. By the time I need to spend it, there will be wearable tech that detects my unique heartbeat (we all have unique heartbeats) to secure my transactions.
Oh no! your wearable tech contains a backdoor that transmits your heartbeat data to an attacker each time your heart beats. Bye bye BTC... Hmm, that's actually a fair point, and scary thought. Fine then, 1 brain wallet -> 50 paper wallets.
|
|
|
|
franky1
Legendary
Offline
Activity: 4214
Merit: 4475
|
|
August 01, 2014, 07:43:25 PM |
|
Personally I've got nothing to worry about until USB can plug into my brain.
What about when you go to spend your brainwallet? The BTC in my brain is for long term storage. By the time I need to spend it, there will be wearable tech that detects my unique heartbeat (we all have unique heartbeats) to secure my transactions. Ask me again in 5-10 years and I'll let you know if it's a problem. in 5-10 years some people will be getting old. Alzheimer's will make you forget your brain wallet and the heart arrhythmia will give you an irregular heartbeat. biology may not be theanswer to solving technology, especially for security. most issues in life can be put down to biological reasons why they went wrong. EG most computer errors are due to 'human input' most wars are not due to guns but tyrants decisions and emotions
|
I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER. Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
|
|
|
cdog
|
|
August 01, 2014, 09:27:54 PM |
|
It has nothing to do with flash disks per se.
The USB protocol itself isnt secure.
|
|
|
|
peeveepee
|
|
August 01, 2014, 09:46:25 PM |
|
What about those people who run their OS from USB stick?
|
|
|
|
jc01480
|
|
August 02, 2014, 12:25:06 AM |
|
All I have to say is this:
Rocket powered goat combat!
|
|
|
|
Swordsoffreedom
Legendary
Offline
Activity: 2758
Merit: 1115
Leading Crypto Sports Betting & Casino Platform
|
|
August 02, 2014, 04:20:19 AM |
|
Thanks for sharing it was an interesting article Personally I use my own usb sticks and buy my own so not really scared of a share risk That said got to be careful especially since if it was in the Firmware I don't know who could have messed with that data
That said from the comments seems it's half true still best be cautious with the USB device you use, and when in doubt code it yourself lol.... perhaps
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
RedDiamond
|
|
August 02, 2014, 06:41:30 AM |
|
One possible way to minimize the danger is to connect the pendisk to external USB NAS adapter and then access it via network interface.
|
|
|
|
Jamie_Boulder
|
|
August 02, 2014, 07:35:58 AM |
|
This is why you use a HDD or SSD as cold storage. I always figured that something used so widely would cause a lot of problems if an vulnerability was found in it.
Everything described in this article is possible to do with a HDD or SDD. And this problem isn't just limited to storage devices, it encompasses ALL of your computer hardware. Similar attacks have been done by modifying a motherboards BIOS, firmware on network cards, and this has been known for a LONG time. http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/Think about it: even your mouse could have a tiny wireless receiver in it that would allow an attacker to move it remotely, or be pre-programmed with a macro that executes when you're not using it. Or how about your Trezor (hardware Bitcoin wallet)? Even the NSA leaks showed us that the NSA intercepts computer hardware in the mail going to "targets" and make modifications to it: http://www.theverge.com/2013/12/29/5253226/nsa-cia-fbi-laptop-usb-plant-spyHow do you prevent it? If you feel that an adversary would try these kind of attacks on you, source all your hardware from reputable sources that you trust and if you know how, check it hasn't been modified in any obvious way - just like you should do with software you install on your machine. Interesting read but everything you've stated is all baseless (NSA not BadBIOS).
|
|
|
|
Corelianer
|
|
August 02, 2014, 01:53:23 PM |
|
You can use a Barcode-Scanner for your cold-wallet to hot-wallet transactions, then you avoid the danger of usb-sticks. Or you use a camera and a QR-Code. Then you avoid the USB-Stick danger.
|
|
|
|
cryptworld
|
|
August 02, 2014, 01:57:36 PM |
|
interesting does it exist any secure usb?
|
|
|
|
Raeg
Member
Offline
Activity: 66
Merit: 10
|
|
August 02, 2014, 02:01:11 PM |
|
Woah, wasn't aware of this. Pretty scary that even reformatting the driive doesnt work. Cant trust any company nowadays.
|
|
|
|
ForgottenPassword
|
|
August 02, 2014, 06:12:33 PM |
|
Interesting read but everything you've stated is all baseless (NSA not BadBIOS).
In actual fact it's more likely that BadBIOS is fake (that strain of malware in particular of course others exist). The NSA hardware interdiction has been confirmed by the NSA leaks, the NSA and Cisco. http://techcrunch.com/2014/05/18/the-nsa-cisco-and-the-issue-of-interdiction/http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969-3.htmlTake, for example, when they intercept shipping deliveries. If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops. The NSA calls this method interdiction. At these so-called "load stations," agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer. http://www.forbes.com/sites/erikkain/2013/12/29/report-nsa-intercepting-laptops-ordered-online-installing-spyware/I don't have time to find the particular NSA slide, maybe someone will help you or I may find it later. That picture I posted is in it however. This was an actual picture of the NSA interdicting a Cisco router.
|
|
|
|
|