I am very, very unhappy about the Fear, Uncertainty and Doubt (FUD) created by Karsten Nohl and Jakob Lell who will present their findings, as well as proof-of-concept software, at the Black Hatconference in Las Vegas this August. What makes me unhappy is how easy they generalize the fact that in some extraordinary circumstances some bad things can happen. “In this new way of thinking, you can’t trust a USB just because its storage doesn’t contain a virus. Trust must come from the fact that no one malicious has ever touched it,” Nohl said. “You have to consider a USB infected and throw it away as soon as it touches a non-trusted computer.” What is the story? Read here the original article: http://www.wired.com/2014/07/usb-security/ This is the most interesting part: The malware they created, called BadUSB, can be installed on a USB device to completely take over a PC, invisibly alter files installed from the memory stick, or even redirect the user’s internet traffic. Because BadUSB resides not in the flash memory storage of USB devices, but in the firmware that controls their basic functions, the attack code can remain hidden long after the contents of the device’s memory would appear to the average…
All these I needed to do on my RaspberryPI so that I can share a mounted USB drive to the entire network and to be accessible fully without any authentication. I know, not very smart, but try to configure a TV, 2 iPads, 1 iPhone, 1 Android and one Internet radio to access it. My USB Hdd is /dev/sda1 and it is mounted on /media/usb /etc/samba/smb.conf security = share guest account = nobody [media] comment= Media read only = no path = /media guest ok = yes browseable = yes public = yes guest only = yes guest account = nobody /etc/fstab /dev/sda1 /media/usb ntfs noatime,users,uid=0,gid=0,fmask=0111,dmask=0 0 2 Note: This will allow all rights on the /media/usb to all users. Don’t forget to restart the system or the services.
Quite a lot of people take now their netbook or smartphone with them when travelling. Because of this, almost every quarter of the year we read stories about sensitive personal data was lost because some laptop or USB stick got stolen. Moreover, with the rise of the mobile devices like smartphones, tablets and pads, anyone can carry gigabytes of data anywhere. All these problems can disappear if we simply encrypt the data no matter where we carry it. But, while encrypting each file is the most secure method, it is also the most inconvenient of all. In this article I will describe simple, effective and gratis methods of securing your devices. The entire article is in the Avira Techblog : Improve your Security #2: Securing your notebook