|
I worked at a place about 15 years ago where, in a 7 man office, the IT guy disabled all the USB ports on every machine behind a password protected BIOS. Like most IT people, he was a crazy and deranged individual who should have been fired for an absolute multitude of reasons, but I can't argue with him being ahead of the times on that one.
|
# ? Sep 25, 2016 05:42 |
|
bitcoin bastard posted: This is (probably) how Stuxnet became a thing. $20 in lovely USB drives is a pretty low buy in if someone uses one to jump the air gap at a reasonably important target.

I was under the impression that Stuxnet was more about "saturate the Iranian internet and wait for someone to gently caress up". Still, even putting your own private USB sticks in your secure work computer is not the best plan.
|
# ? Sep 25, 2016 06:56 |
|
https://en.m.wikipedia.org/wiki/2008_cyberattack_on_United_States
|
# ? Sep 25, 2016 08:24 |
|
Ytlaya posted: Wouldn't this be a really inefficient way of scamming people, since each "attempt" costs you the money necessary to buy the USB stick.

You can get old, outdated sticks pretty cheap if you know where to look. People lose the drat things all the time so you could probably get a lot of them just watching, say, a library for a while. Realistically you also probably only need a few to get one positive; then as long as the virus can propagate from there that's all you need. A quick search on Amazon indicates that you can snag 100 16 GB thumb drives for $360. I'm going to guess you could get a few hits by just loading something nefarious on them and leaving them in parking lots. That's why, despite all the advances in security, it really only takes one person doing something stupid to compromise entire systems with millions of records of customer data.

ToxicSlurpee fucked around with this message at 21:41 on Sep 25, 2016 |
# ? Sep 25, 2016 21:38 |
|
If you found an unfamiliar USB drive in your pocket or handbag, would you just throw it away? People are the derpiest link in any security scheme.
|
# ? Sep 26, 2016 00:20 |
|
There was a Nine Inch Nails album release ARG that involved USB drives being left in places like concert hall bathrooms and such. So for a lot of people the answer to "if you found an unfamiliar USB drive in a grungy bathroom would you plug it into your computer" is "absolutely!" It's like a scheme you'd see on an episode of Mr. Robot or something. Police blotters in my town and the ones nearby are full of people who got scammed in various ways through the phone or web. Some of the incident reports detail some pretty solid social engineering on the parts of the scammers, but a lot of times it's pretty basic stuff, so I have no doubt in my mind that most people around here would plug a USB drive into either their work or home computers without a second thought. Honestly, I'd love to see experiments done where people leave USB drives in various locations that contain a harmless trojan or whatever that would simply report back that it was activated and then do nothing else - it'd be cool to get actual real-world results as to how many people will just plug whatever drive in whatever computer.
|
# ? Sep 26, 2016 05:45 |
|
Mr Robot did indeed use a very similar scheme (a rap CD a character was tricked into buying). The show is pretty good at using real life techniques that have a good hit rate.
|
# ? Sep 26, 2016 06:36 |
|
The hacker girl literally just tossed some USBs into their parking lot to get into the police system as well iirc. Like someone mentioned, something like that is often the only realistic way into a system, and I'm sure there are plenty of real life cops who are stupid enough to do it.
|
# ? Sep 26, 2016 06:43 |
|
Ah yes, I forgot about that one. Such a good show.
|
# ? Sep 26, 2016 07:48 |
|
Better late than whatever:
|
# ? Sep 26, 2016 09:46 |
|
drunk asian neighbor posted: There was a Nine Inch Nails album release ARG that involved USB drives being left in places like concert hall bathrooms and such. So for a lot of people the answer to "if you found an unfamiliar USB drive in a grungy bathroom would you plug it into your computer" is "absolutely!"

The biggest motivators are curiosity and voyeurism. The first comes from the fact that humans are just naturally curious; we see a box we want to know what's in it. We explore. It's what we do. Of course an unknown USB drive might have something cool on it. Maybe it was dropped by a musician and unreleased stuff is on it. Maybe it has financial records you can use to get 15 minutes on the news by exposing. Wow! In other cases it's the voyeurism; it's possible that it has homegrown porn on it or naked celebrity pictures. Maybe it's something hot as hell that you can show off to your friends or get known as the person that leaked naked photos of some celebrity or another who won't get naked in front of a camera. Think of the possibilities!!! You're drat right I'm plugging that fucker right in!
|
# ? Sep 28, 2016 00:20 |
|
I mean, poo poo, I'd plug it in, just to an old burner computer.
|
# ? Sep 28, 2016 00:56 |
|
GreyjoyBastard posted: I mean, poo poo, I'd plug it in, just to an old burner computer.

Yeah, but then you have to wait... and you want to know RIGHT NOW, and work's got heaps of computers, nothing will happen.
|
# ? Sep 28, 2016 02:06 |
|
I would be very hard pressed to not plug a found USB into something. Way too curious/nosey.
|
# ? Sep 28, 2016 02:51 |
|
i still have an old promo usb key i found in a college computer lab
|
# ? Sep 28, 2016 04:57 |
|
I'd plug it into my tv to see what files are on it first
|
# ? Sep 28, 2016 07:31 |
|
Taste the Rainbugh posted: I'd plug it into my tv to see what files are on it first

Theoretically, this could allow your TV to participate in DDoS attacks like the one that took down Krebs, yes? I mean, super unlikely, but it *could* happen.
|
# ? Sep 28, 2016 09:16 |
|
We have stacks of USB drives that we use with embedded systems. I can't even imagine what would happen if some nefarious person just left a bad one sitting in the stack someplace. At least the lab is restricted access, I guess.
|
# ? Sep 28, 2016 11:53 |
|
MANime in the sheets posted: Theoretically, this could allow your TV to participate in DDoS attacks like the one that took down Krebs, yes? I mean, super unlikely, but it *could* happen.

This is already happening. Your grandma is never going to update the firmware on the "smart" lightbulbs and digital picture frame that your little cousin set up for her. Many of these devices will never receive proper security patches from the manufacturer, or the company will go out of business. And bugs will be found, because bugs are always found. It is a disaster just waiting to happen, and I have not heard of any industry or regulatory initiatives to try and prevent it from happening.
|
# ? Sep 28, 2016 13:03 |
|
bongwizzard posted: I would be very hard pressed to not plug a found USB into something. Way too curious/nosey.

some guy posted that he found like 20 gigs of bbw porn, he went back the next day and put it back where it was
|
# ? Sep 28, 2016 15:48 |
|
MANime in the sheets posted: Theoretically, this could allow your TV to participate in DDoS attacks like the one that took down Krebs, yes? I mean, super unlikely, but it *could* happen.

Assuming your TV is connected to your network via ethernet or wifi, sure. And not that unlikely, no more so than targeting security cameras or whatever.
|
# ? Sep 28, 2016 15:59 |
|
USB sticks? Pshh, I found a Toshiba laptop hard drive in the street a couple years ago. I really should see what's on it, if it's even working.
|
# ? Sep 28, 2016 17:44 |
|
Sounds like a good reason to have a cheap junk laptop or tablet that can communicate with a cheap USB hub. Leave the laptop non-networked, maybe even just use a USB boot stick and you can just slap a new boot image on if when something bad happens. USBkiller toys might only kill the hub, even. Or, you could just resist sticking strange dongles in your open ports, I dunno. Comedy option: don't some stores (Apple, unless the Winter Soldier movie lied to me) still have open computers to play with?
|
# ? Sep 28, 2016 18:15 |
|
When poo poo like this exists, that becomes a legitimate liability. It may not blow up your computer like some claim, but Apple won't be happy when you go into their store and ruin one of their computer's USB ports.
|
# ? Sep 28, 2016 20:25 |
|
sleppy posted: When poo poo like this exists, that becomes a legitimate liability. It may not blow up your computer like some claim, but Apple won't be happy when you go into their store and ruin one of their computer's USB ports.

Probably all of them, it'd burn out the controller.
|
# ? Sep 28, 2016 20:39 |
|
Zamboni Apocalypse posted: Sounds like a good reason to have a cheap junk laptop or tablet that can communicate with a cheap USB hub. Leave the laptop non-networked, maybe even just use a USB boot stick and you can just slap a new boot image on if when something bad happens. USBkiller toys might only kill the hub, even.

Just go to the library, either public or university. All the ones I've been to have available computers with working USB ports. I flat out assume those need to be reimaged monthly due to their user bases so it's not even that dick a move.
|
# ? Sep 28, 2016 21:13 |
|
Cyrano4747 posted: Just go to the library, either public or university. All the ones I've been to have available computers with working USB ports. I flat out assume those need to be reimaged monthly due to their user bases so it's not even that dick a move.

As mentioned above, it's definitely a dick move. Even if you rule out a computer-smashing USB drive, just installing a keylogger on a public computer is pretty dangerous.
|
# ? Sep 28, 2016 21:24 |
|
That really just saves the hacker the trouble of going out and putting it on that public computer themselves. You should assume every public computer is insecure since who knows what other people put on it knowingly or not. In our labs on campus the computers are fresh each time they boot, so I usually restart one if I'm putting in any somewhat important passwords.
|
# ? Sep 28, 2016 22:28 |
|
sleppy posted: That really just saves the hacker the trouble of going out and putting it on that public computer themselves. You should assume every public computer is insecure since who knows what other people put on it knowingly or not. In our labs on campus the computers are fresh each time they boot, so I usually restart one if I'm putting in any somewhat important passwords.

Yeah, that's what I was assuming was SOP. The public library near me is that way, and all the Unis I've had personal experience with have been as well.

edit: Either way, sticking the sketchy parking lot thumb drive in the library computer to see if there's hot blackmail homegrown of your boss is probably better than putting it in your work machine. Especially if you work at an Iranian nuclear plant.

Cyrano4747 fucked around with this message at 22:37 on Sep 28, 2016 |
# ? Sep 28, 2016 22:35 |
|
RE: dropping USB drives, I've heard dropping blank CDs with poo poo like "August Payroll" written on them is also effective, since some random employee will definitely want to know how their pay stacks up against their coworkers'.
|
# ? Sep 28, 2016 23:04 |
|
sleppy posted: That really just saves the hacker the trouble of going out and putting it on that public computer themselves. You should assume every public computer is insecure since who knows what other people put on it knowingly or not. In our labs on campus the computers are fresh each time they boot, so I usually restart one if I'm putting in any somewhat important passwords.

You should, but I'm not particularly confident that any given library computer will be handled properly, let alone that its users will be careful. (and, as mentioned, you could also just wreck the computer if someone's being a dick)
|
# ? Sep 28, 2016 23:16 |
|
Cyrano4747 posted: Just go to the library, either public or university. All the ones I've been to have available computers with working USB ports. I flat out assume those need to be reimaged monthly due to their user bases so it's not even that dick a move.

I worked in front line IT for a university for years. Monthly is almost optimistic. And that's with a system that tries reasonably hard to quarantine user action. (As per sleppy. There were ways around it because our contractors were morons and/or presented with unrealistic and mutually contradictory demands)

Goatse James Bond fucked around with this message at 23:19 on Sep 28, 2016 |
# ? Sep 28, 2016 23:15 |
|
sleppy posted: That really just saves the hacker the trouble of going out and putting it on that public computer themselves. You should assume every public computer is insecure since who knows what other people put on it knowingly or not. In our labs on campus the computers are fresh each time they boot, so I usually restart one if I'm putting in any somewhat important passwords.

Hardware keyloggers exist.
|
# ? Sep 29, 2016 03:56 |
|
bongwizzard posted: I do event production and did a national meeting for some MLM group a few months ago.

Same, mine was a few years ago. Interesting to learn that there really are a few people near the top of these pyramids who somehow conned entire towns worth of people for their bonuses. Some of these people were making 100 grand a year just by signing up two friends who signed up ten who signed up fifty who signed up a thousand.

A friend of a friend I have on Facebook posted a while ago that he got caught by one of those schemes where some random lady friends you and then convinces you to get naked on your webcam and then she ransoms the recording, threatens to send it to your friends and your boss and so on. My first thought was about how idiotic you would have to be to fall for that, especially as he's in his early 20s and is supposed to be the web-savvy and question-everything generation. Then a bunch of other goobers his age chimed in to say how they were caught by the same thing at some point or another. I guess posting about it defeats the ransom component because now everyone knows you did it anyway.
|
# ? Sep 30, 2016 04:50 |
|
GreyjoyBastard posted: I worked in front line IT for a university for years. Monthly is almost optimistic.

It seems you could just give a user a fresh VM with Windows/a web browser/whatever when they logged in assuming it's a lab or library or something.
|
# ? Sep 30, 2016 05:29 |
|
Speaking about USB drives... http://hakshop.myshopify.com/products/usb-rubber-ducky-deluxe
|
# ? Sep 30, 2016 08:08 |
|
monster on a stick posted: It seems you could just give a user a fresh VM with Windows/a web browser/whatever when they logged in assuming it's a lab or library or something.

some of the local libraries around here do this. whenever you log out from your patron login, it reboots the machine
|
# ? Oct 3, 2016 01:21 |
|
Lutha Mahtin posted: some of the local libraries around here do this. whenever you log out from your patron login, it reboots the machine

All my college public lab computers were reimaged every time you logged out. There were big rear end signs on every monitor "DO NOT SAVE YOUR drat HOMEWORK ON THIS PC"
|
# ? Oct 3, 2016 06:58 |
|
I don't know if this was a scam or not, but someone claiming to be Sirius Radio phoned me the other day. They wanted to talk to a woman, I told them this wasn't her number. The lady paused, but then continued, telling me this lady-who-was-not-me owns a SUV and they wanted feedback from her on how she's enjoying Sirius. I explained again she had the wrong number, but then she continued on with some spiel... so I hung up.
|
# ? Oct 3, 2016 10:34 |
|
Could just be a callcenter drone who is not allowed to disconnect the call for any reason.
|
# ? Oct 3, 2016 12:43 |