Aces High Bulletin Board
General Forums => The O' Club => Topic started by: PJ_Godzilla on March 28, 2016, 01:20:52 PM
-
Are they secure? Discuss among yourselves... But I have received some warnings about that hardware - and from credible sources whom I will not name. I note, on my last trip to China, I was given several promo gifts, one of which was a thumb drive.
By the way, some of you may have heard of the madman strategy, the last practitioner of which was probably Richard Nixon. See any merit there?
Some of you may know a thing or two about rebranding as well. As long as I'm broaching a topic somewhat out there, tell me what you think is required to effectively change the perception of Brand X from A to a very, or at least slightly different, B.
Be kewl, these issues, like just about everything else these days, are provocative and are best handled in abstract; arm's length from too many concrete examples, save perhaps the first one.
-
Aren't all thumb drives Chinese?
-
That's actually a harder answer to get than you might think, and depends on the part of the flash drive in question.
For example, Micron... take a look at where they make their components and do their assembly.
Meanwhile, yes, there have been some notable incidents involving embedded spyware.
-
Aren't all thumb drives Chinese?
Yup. And besides, the most active government in embedding spyware on drives is NOT the chinese.
-
I wonder if this is how someone fraudulently filed taxes with all my info this year.
-
Yup. And besides, the most active government in embedding spyware on drives is NOT the chinese.
Indeed... and I suspect most here would know who that might be.
But let's change tack a bit, because I don't think it's a hard sell for most to accept that, yep, plug in that thumb drive and there's a decent change it's got something you don't want embedded.
At this point, I'm wondering why anyone would use one for anything but trivial data.
-
What would be a better portable data vessel? CDs?
-
What would be a better portable data vessel? CDs?
Nope, any drive (or controller) can be compromised.
http://www.dailykos.com/story/2015/2/17/1364910/-Breaking-Kaspersky-Exposes-NSA-s-Worldwide-Backdoor-Hacking-of-Virtually-All-Hard-Drive-Firmware
-
This isn't exactly the same topic, but if you want to protect data on a USB drive, you can use Truecrypt to make the whole partition encrypted. Unless someone has Truecrypt and your password, they will not be able to read the files on the USB drive or know anything about those files.
I use this for all sensitive data, just in case I ever lose the USB drive or it's stolen.
As for malware on USB drives, I am concerned a bit about that as well. Using decent antivirus software is about the only thing I can do about that, though, even if it would not be effective against Chinese or "other" agency malware.
I suspect that a large proportion of USB drives are manufactured in China.
-
China are still the enemy?
-
Truecrypt still works, but it is getting old and not being supported anymore. I use Veracrypt. It's a Truecrypt derivative that is still being updated.
-
What would the Chinese want with YOUR data :rofl
-
What would the Chinese want with YOUR data :rofl
You'd be surprised.
btw truecrypt/veracrypt are worthless if your system has been compromised.
-
Maybe, although his question is a good one. Most anything I'd have that wasn't personal would be corporate. Thing is, some of the people we have over there in the PRC would be easier sources than I for much of it. I just found the promo gift a bit odd, especially in light of several recent verified cases of embedded malware/spyware on such.
But then, many laptops/desktops are manufactured in China too, at least up to some level of assembly.
-
Lenovo, IIRC, is the world's largest PC maker. Search on the Lenovo/Superfish scandal - they had been installing spyware on their computers with key logging capability. This could allow them in theory, to see your bank account numbers and passwords if you use the computer for banking.
Poison dog treats, children's toys painted with lead paint; I've heard enough to make me leery of any Chinese product now.
As far as rebranding, I think lots of positive propaganda needs to be generated, clamp down on negative reports and evaluations, bury/distort the true procurement costs as much as possible. Maybe a name change too? Perhaps a rigged demo or two to confuse its planned capability with actual capability?
Re: the madman strategy, it won't be effective if your opponent is willing to pay the cost that you assume is unthinkable.
-
I wonder if this is how someone fraudulently filed taxes with all my info this year.
You may have been one of the victims of the IRS hack.
http://www.cbsnews.com/news/irs-identity-theft-online-hackers-social-security-number-get-transcript/
-
I'm just wondering can anyone recommend a good flash drive that isn't a risk?
-
btw truecrypt/veracrypt are worthless if your system has been compromised.
Yep. It's not for protecting your data from hacks into your running OS but for if someone physically steals your computer or drive or if you lose your USB drive somewhere and don't want people to be able to see what's on it.
-
I'm just wondering can anyone recommend a good flash drive that isn't a risk?
They're all the same tbh, but main brands carry less risk of having malware installed out of the factory. If you buy some kamakuza brand rubbish from a dodgy shop/market you can get into trouble.
-
I normally put new usbsticks into a linux system (raspberry) first, and do a low-format on them.
-
I normally put new usbsticks into a linux system (raspberry) first, and do a low-format on them.
Still won't help you if it's hard coded into the device.
Sorry to terrify you :) - but it's how certain government organizations penetrated isolated facilities like iranian nuclear research sites.
-
You'd be surprised.
btw truecrypt/veracrypt are worthless if your system has been compromised.
Of course. Internet hygiene is very important. Buy your USB devices (it's not just thumb drives that can be compromised) from reputable retailers, and don't let your friends use their potentially dodgy USB devices on your system. If you're really paranoid and think the alphabet agencies are after you, make sure you buy your USB stuff in person rather than ordering them online (that's when they can be intercepted and compromised). And make sure to secure your system physically as well to prevent evil maid attacks.
-
Couldn't these people just use the internet to get in?....Seriously if they want in and they have the capability to embed something to a piece of hardware....they surely have the abilty/people to get in anyway they like....they are probably the people who make the spy/virus ware that big corperations/ governments use anyway.... :noid