Steve Holden's Blog

  • USB Memory Card Malware Threat

    March 27, 2016

    There is reportedly a new, particularly advanced USB-savvy malware called "USB Thief" (Google Search) that is being discussed by many in the technology press.

    If you allow users (including system admins) to use USB storage devices on air gapped systems, then this threat is a potential attack vector that a persistent attacker could deploy against your organization.

    Basically, an infected USB device could be inserted into an air gapped computer, where it could collect a considerable amount of "protected data" and then exfiltrate the "protected data" back to the infected USB device. Once the device is removed, there is reportedly no trace of the malware on the compromised system and no record of the data collected.

    The best defense would be not to allow USB storage media on air gapped systems. Otherwise, restricting data migration from the air gapped network (i.e. the high-side) to the internet network (i.e. the low-side) would be another defensive measure. Good physical security would also limit the effectiveness of this threat vector.

    Some links with more coverage (some of it F.U.D.): techtimes.com, sci24h.com, arstechnica.com, pcworld.com, thestack.com, securitybrief.co.nz, slashdot.org, idgconnect.com, and itsecuritynews.info.

     

     

    + Exfiltration, Physical, Threat, USB

  • Emerging New Exfiltration Of Data Via RF Threat

    March 20, 2016

    There is a new open source effort to build out a working data exfiltration toolkit using radio frequencies.   The source code has been posted to GitHub.  More info on the news at Softpedia. 

    The key defensive measure would be to make sure no malicious rogue capabilities make it to your air gapped networked systems, and that you consider RF shielding countermeasures.

     

    + Data, Exfiltration, Threat, Wireless

  • Electromagnetic Attack Demo On Air Gapped System

    March 19, 2016

    Researchers preparing for a future conference presentation have released details (PDF paper here) of their successful electromagnetic (EM) attack against an air gapped system, which required no additional software to be installed beforehand on the system being hacked. The hardware cost to build the attacking system was around $3000. The air gapped system had no TEMPEST protections (PDF reference for more information).

    You can read more via:

    • DailyMail
    • TechWorm
    • TimesOfIsrael
    • Motherboard@Vice
    • Softpedia
    • OO7Software
    • ComputerMagazine

     

     

    + Electromagnetic, TEMPEST, Threat, Wireless

  • Recipe: No-bake Breakfast Cookies

    February 15, 2016

    I recently made the following no-bake breakfast cookies, but I had to substitute honey with Log Cabin Syrup and flaked cereal with Cheerios. They turned out awesome (my serving size ended up being eight).

    Ingredients:

    1/2 cup honey (or light corn syrup)
    1/2 cup non-fat dry milk (instant)
    1/2 cup raisins (or chopped dates)
    1/2 cup creamy peanut butter
    2 1/2 cups flaked cereal (coarsely crushed)

    Directions:

    1. Heat honey and peanut butter in a medium saucepan over low heat. Stir until blended.
    2. Remove from heat. Stir in dry milk.
    3. Fold in cereal and raisins. Drop by heaping tablespoons onto waxed paper to form mounds.
    4. Cool to room temperature.
    5. Store in refrigerator.

    Nutritional values per serving (makes about 12 servings): 160 calories, 5 g total fat (1 g saturated fat), 26 g carbohydrate, 4 g protein, 1 g dietary fiber, 110 mg sodium.

    Originally posted by Montana State University Extension, Nutrition Education Programs via What's Cooking, USDA Mixing Bowl. 

    + DIY, Food and Drink, Ideas, Personal, Tip

  • Excellent Guide On Secure Shell (SSH)

    February 12, 2016

    This PDF guide, entitled What You Need To Know About NIST Guidelines for Secure Shell (SSH), from ssh.com is excellent.

    If you are already investing in an air gapped network and using SSH, then you should pay close attention to the recommendations in this guide.

    The basis for this guide is NISTIR 7966 (PDF).

     

    + Encryption, System Administration, System Management, Tip

  • Proof-Of-Concept: KVMs To Jump The Gap

    January 9, 2016

    The Register published news of a recent presentation by @ynvb and @oppenheim1 showing that IP-enabled KVMs can be attacked in such a way as to enable access to a closed network (no Internet connectivity).

    + KVM, Physical, Supply Chain, Threat

  • DOD Definition Of Insider Threat

    January 7, 2016

    The United States Department of Defense's definition of an insider threat:

    An insider threat is defined as someone who uses his or her authorized access to damage the national security of the United States, whether through espionage, terrorism, unauthorized disclosures of classified information, or other harmful actions.

    + Insider, Threat

  • Proof-Of-Concept: Smartwatch Leaks Keypad Numbers

    January 6, 2016

    Per Gizmodo, there is a proof-of-concept of how a smartwatch could be used to leak keypad numbers on an access control door or other PIN-protected resource.

    + Uncategorized

  • Potential User Interface Changes With Google Chrome v46 to v47

    October 24, 2015

    I noticed this morning when my Chromebook upgraded to the latest version 47.x (Beta) that the Folder icons at the top (in my bookmarks bar) are all dark gray.

    In my Chrome browser on Windows running the latest version 46.x the folders are "yellow-ish."

    I am sure there are other changes planned but this one really stood out. I'm sure I'll get used to it in a day or so.

    + Beta, Ideas, Technology, Web/Tech

  • Back In Time (2006) – My Podcast Queue

    October 16, 2015

    Below is my list of iPodder (now Juice) podcast feeds from October 2006 that I used to listen to on an iRiver:

    1. – ChuckChat Technorama –
    2. 43 Folders
    3. Alternative Classix – The Blog
    4. altNPR Groove Salad — Taste of the Week
    5. APMs Future Tense
    6. AttentionTech
    7. Behind the Mic
    8. BusinessWeek – The Cutting Edge
    9. Career Opportunities The High-Tech Career Handbook
    10. CBS Fall Premiere Interviews with Dana Greenlee
    11. Celtic Music News Celtic Music News
    12. Christ Lutheran Church Messages
    13. CIO Podcast
    14. Coverville
    15. Dan Bricklins Software Licensing Podcast
    16. DARN PC
    17. Digital Experience Podcast – MP3 Feed
    18. Distributing the Future
    19. Docs Podblog
    20. Endurance Radio Audio Interviews
    21. Engadget Podcasts
    22. Eric Mack On-Line
    23. Eurythmics – The Ultimate Collection
    24. Evil Genius Chronicles
    25. Friends in Tech
    26. Gillmor Gang
    27. Home Network and Computer Help – HomeNetworkHelpInfo
    28. In the Trenches
    29. IndieFeed ElectronicaDance
    30. Internet Pro Radio icannBlog
    31. Jazz Music – RedJazz Radio
    32. Jimmy Jett
    33. Jons Radio
    34. KFI Tech Guy
    35. Killer Innovations
    36. Lessig Blog
    37. MacCast – For Mac Geeks, by Mac Geeks
    38. MAKE Magazine
    39. Manager Tools
    40. MobileTechRoundup
    41. Morning Coffee Notes
    42. Music4iPodscom – ElectronicaDJ
    43. Network World Radio
    44. Old Wave Radio New 80s Music!
    45. On The Media from NPRWNYC
    46. OnTheRun with Tablet PCs Podcast
    47. OpenPodcastorg
    48. Ottmar Lieberts Listening Lounge
    49. PaulDotCom Security Weekly
    50. podbat podbat podcasts
    51. Podcast Brothers
    52. Pritzker Military Library Podcasts
    53. Radio Leo
    54. Reel Reviews Radio
    55. Rip & Read Blogger Podcast
    56. Slashdot Review
    57. State Dept – Daily Press Briefings
    58. Steve Holden Tech Rag Tear Outs (TRTO)
    59. Steve Holdens Weblog
    60. Tech News Radio
    61. TechPodcastscom Network
    62. Terry Storch
    63. TGN Behind the Scenes
    64. TGN The Living Word
    65. The Bag and Baggage Podcast [now This Week in Law]
    66. The Bitterest Pill
    67. the Eric Rice Show
    68. The Golden Hammer Tech Watch
    69. The Invisible Hand
    70. The Invisible Hand, Enhanced Version
    71. The Pentagon Channel
    72. The Roadhouse
    73. The Rock and Roll Geek Show
    74. ThePodcastNetwork The Gadget Show
    75. ThePodcastNetwork The Mobiles Show
    76. ThePodcastNetwork The TabletPC Show
    77. ThePoint
    78. These Days [@KPBS]
    79. They Might Be Giants Podcast
    80. this WEEK in TECH
    81. todbitscom
    82. Typical PC User Podcast
    83. Ultima Thule Ambient Music Radio
    84. Valid Syntax
    85. vinyl podcast
    86. Voices in Your Head wDave Slusher
    87. WGBH Morning Stories
    88. Wi-Fi Networking News Podcasts
    89. Wizbang Podcast

    I found this while recovering my old iBook backup drive using SpinRite. I was actually trying to find some older TechNewsRadio podcasts that were posted on a server that no longer exists. I seem to have a gap of ~200 with bad links.

    + History, Ideas, Mobile, Personal, Podcast, Podcasting, Technology
