|
16 May 2007
|
Contributing Member
HUBB regular
|
|
Join Date: Jun 2002
Location: Denmark, Western Australia (previously Derbyshire, UK)
Posts: 94
|
|
WARNING: USB Flash Drive users beware
If you routinely plug a USB flash drive into PCs in internet cafes, or even PCs where at some time untrusted people may have temporarily had access (even possibly your friend's or your own home PC), then at some point it is likely that a copy of your files will be covertly taken without your permission.
USB Hacksaw is one example of freely available software that makes this very easy to do:
http://wiki.hak5.org/wiki//USB_Hacksaw:
This web page gives a free download of the USB Hacksaw software. It takes a few minutes to download and install this to a USB flash drive. The rogue flash drive is then plugged into the USB port of a PC and automatically installs the USB Hacksaw software within seconds, with no need for user input. Here is a description of what happens next:
"This hack is based on a modified version of USBDumper. Once installed on a targert machine it will stay resident and wait for a USB flash drive to be inserted. Once a USB flash drive is inserted the hacksaw will download the contents of the drive to a temporary location using the modified USBDumper, then silently run the send.bat file located in the same directory, which will then archive the contents using RAR, eastablish an SSL SMTP connection to smtp.gmail.com using Stunnel and Blat, email the downloaded data to an email address, and remove the documents and archives."
|
17 May 2007
|
Registered Users
Veteran HUBBer
|
|
Join Date: Sep 2004
Location: Estonia
Posts: 351
|
|
Things like that were discussed a few days ago:
http://www.horizonsunlimited.com/hub...s-device-27022
While in Africa I now and then got some new .exe files (viruses) on my USB stick after visiting Internet cafes.
|
23 May 2007
|
Registered Users
HUBB regular
|
|
Join Date: Aug 2006
Location: Louisiana
Posts: 22
|
|
OMGoodness, I am so glad you posted this, I keep all my bike payment info on my thumb drive, so I can prove when payments have been made, of course it links to my bank account too.
AHHhhh, I scared myself !
Gotta fix this, before I go on the road again.
I already knew about the key logger, so thanks too Ian Bradshaw..
|
23 May 2007
|
|
Contributing Member
Veteran HUBBer
|
|
Join Date: Sep 2003
Location: Whangarei, NZ
Posts: 2,214
|
|
Keep sensitive info on your USB stick and your laptop encrypted, using something like PGP. If you use a good passphrase the encryption is uncrackable and a data thief is left with useless files.
|
23 May 2007
|
|
Contributing Member
Veteran HUBBer
|
|
Join Date: Jun 2006
Location: St Helens
Posts: 763
|
|
Quote:
Originally Posted by beddhist
Keep sensitive info on your USB stick and your laptop encrypted, using something like PGP. If you use a good passphrase the encryption is uncrackable and a data thief is left with useless files.
|
No encryption is uncrackable.
Best to keep the data away from computers IMO, and I work with the things !
Now, if only internet cafes dropped MS and realised Solaris was a better solution :-)
|
24 May 2007
|
|
Contributing Member
Veteran HUBBer
|
|
Join Date: Sep 2003
Location: Whangarei, NZ
Posts: 2,214
|
|
Quote:
Originally Posted by BruceP
No encryption is uncrackable.
|
Reading a bit about it it is my understanding that with a secure passphrase all available computing power on the planet would take more than a lifetime to crack the algorithm. I don't care what happens to my data after I'm dead.
Quote:
Originally Posted by BruceP
Best to keep the data away from computers IMO, and I work with the things !
|
Don't use computers, then? You will need to write it down in clear text on paper then...
All safety and security is relative.
|
24 May 2007
|
Gold Member
Veteran HUBBer
|
|
Join Date: Apr 2006
Location: Philadelphia, US
Posts: 646
|
|
Yo have two concerns with the USB stick...Upstream and Downstream.
Upstream deals with infecting other computers with your USB stick and that will compromise more information than exists on your stick.
Downstream deals with the information on your stick being emailed to a culprit.
To mitigate the Upstream risk, online solutions are available but aren't 100%. I won't recommend any specifically as I don't want my PM box filled with IT specific questions. But do your 5minutes of research now and develop a plan before you run into a problem, and at a time convenient to you.
Downstream, same advice as upstream. These cafes, and other public places are vectors for such hacks/viruses/etc.
|
6 Jun 2007
|
Registered Users
New on the HUBB
|
|
Join Date: Jun 2007
Posts: 2
|
|
Hey this is Darren from Hak5. I'm the author of the program in question. I found this site while checking our apache logs. Anyway as a fellow rider myself I figured I'd weigh in on this.
First off, the program was built as a proof of concept to show how vulnerable Windows computers are in their default configuration. We spent a great deal of time talking about how to protect yourself from such a hack in the episode that covered this program. Education is always the answer.
I highly recommend everyone with USB drives look into encryption. My personal favorite is a free and open source program called Truecrypt, from truecrypt.com. It's really easy to use and very secure. Google it and you'll find a ton of tutorials and testimonials.
Anyway I hope that clears things up.
Oh and for the record I ride a Honda Rebel, but will soon be moving up to the Shadow Spirit. 250cc just isn't enough, especially on those long hauls!
|
6 Jun 2007
|
Registered Users
Veteran HUBBer
|
|
Join Date: Sep 2004
Location: Estonia
Posts: 351
|
|
Quote:
Originally Posted by Hak5Darren
I highly recommend everyone with USB drives look into encryption. My personal favorite is a free and open source program called Truecrypt, from truecrypt.com. It's really easy to use and very secure.
|
Drive decryption requires password entry and that password can be captured by key logger, unless it uses some kind of "password hardware" like physical ID card or something. There is no security in public computers if you need to enter password via keyboard.
Also, this Truecrypt software requires Windows 2000 or newer and *administrator privileges*, something that is not present in many public computers (internet cafes). Also I can't see how data from new decrypted virtual disk can't be copied by a bad program the same way as from ordinary volume if the decrypted volume appears in system as a logical disk the same way as any other disks.
|
27 Jul 2007
|
Contributing Member
Veteran HUBBer
|
|
Join Date: Jul 2002
Location: Sydney, NSW, Australia
Posts: 1,362
|
|
What they'll get off my flash drive is a few Gb of photos ..
__________________
---
Regards Frank Warner
motorcycles BMW R80 G/S 1981, BMW K11LT 1993, BMW K75 G/S
|
Currently Active Users Viewing This Thread: 1 (0 Registered Users and/or Members and 1 guests)
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
Similar Threads
|
Thread |
Thread Starter |
Forum |
Replies |
Last Post |
U3 Flash Drive?
|
Ekke |
Communications |
13 |
6 Jun 2007 20:21 |
|
Check the RAW segments; Grant, your HU host is on every month!
Episodes below to listen to while you, err, pretend to do something or other...
2020 Edition of Chris Scott's Adventure Motorcycling Handbook.
"Ultimate global guide for red-blooded bikers planning overseas exploration. Covers choice & preparation of best bike, shipping overseas, baggage design, riding techniques, travel health, visas, documentation, safety and useful addresses." Recommended. (Grant)
Ripcord Rescue Travel Insurance™ combines into a single integrated program the best evacuation and rescue with the premier travel insurance coverages designed for adventurers.
Led by special operations veterans, Stanford Medicine affiliated physicians, paramedics and other travel experts, Ripcord is perfect for adventure seekers, climbers, skiers, sports enthusiasts, hunters, international travelers, humanitarian efforts, expeditions and more.
Ripcord travel protection is now available for ALL nationalities, and travel is covered on motorcycles of all sizes!
What others say about HU...
"This site is the BIBLE for international bike travelers." Greg, Australia
"Thank you! The web site, The travels, The insight, The inspiration, Everything, just thanks." Colin, UK
"My friend and I are planning a trip from Singapore to England... We found (the HU) site invaluable as an aid to planning and have based a lot of our purchases (bikes, riding gear, etc.) on what we have learned from this site." Phil, Australia
"I for one always had an adventurous spirit, but you and Susan lit the fire for my trip and I'll be forever grateful for what you two do to inspire others to just do it." Brent, USA
"Your website is a mecca of valuable information and the (video) series is informative, entertaining, and inspiring!" Jennifer, Canada
"Your worldwide organisation and events are the Go To places to for all serious touring and aspiring touring bikers." Trevor, South Africa
"This is the answer to all my questions." Haydn, Australia
"Keep going the excellent work you are doing for Horizons Unlimited - I love it!" Thomas, Germany
Lots more comments here!
Diaries of a compulsive traveller
by Graham Field
Book, eBook, Audiobook
"A compelling, honest, inspiring and entertaining writing style with a built-in feel-good factor" Get them NOW from the authors' website and Amazon.com, Amazon.ca, Amazon.co.uk.
Back Road Map Books and Backroad GPS Maps for all of Canada - a must have!
New to Horizons Unlimited?
New to motorcycle travelling? New to the HU site? Confused? Too many options? It's really very simple - just 4 easy steps!
Horizons Unlimited was founded in 1997 by Grant and Susan Johnson following their journey around the world on a BMW R80G/S.
Read more about Grant & Susan's story
Membership - help keep us going!
Horizons Unlimited is not a big multi-national company, just two people who love motorcycle travel and have grown what started as a hobby in 1997 into a full time job (usually 8-10 hours per day and 7 days a week) and a labour of love. To keep it going and a roof over our heads, we run events all over the world with the help of volunteers; we sell inspirational and informative DVDs; we have a few selected advertisers; and we make a small amount from memberships.
You don't have to be a Member to come to an HU meeting, access the website, or ask questions on the HUBB. What you get for your membership contribution is our sincere gratitude, good karma and knowing that you're helping to keep the motorcycle travel dream alive. Contributing Members and Gold Members do get additional features on the HUBB. Here's a list of all the Member benefits on the HUBB.
|
|
|