DTNS 2291 – Protect Your Dongle

Logo by Mustafa Anabtawi thepolarcat.comDarren Kitchen is on to bust some FUD about the BadUSB. What DO we need to be concerned with. Plus Len Peralta illustrates the show!

MP3

Multiple versions (ogg, video etc.) from Archive.org.

Please SUBSCRIBE HERE.

A special thanks to all our Patreon supporters–without you, none of this would be possible.

If you enjoy the show, please consider supporting the show here at the low, low cost of a nickel a day on Patreon. Thank you!

Big thanks to Dan Lueders for the headlines music and Martin Bell for the opening theme!

Big thanks to Mustafa A. from thepolarcat.com for the logo!

Thanks to our mods, Kylde, TomGehrke and scottierowland on the subreddit

Show Notes

Today’s guests:  Darren Kitchen of hak5.org & Len Peralta, the artist also know as lenperaltastore.com

Headlines

Click for the Mina Spiegel Rees tape piece on Soundcloud

ReCode reports Apple has officially closed their $3 billion deal to acquire the experience that is Beats Electronics. Apple wrote on a welcome page “We’re delighted to be working with the team to elevate that experience even further. And we can’t wait to hear what’s next.” What’s next for roughly 200 Beats workers is their positions become temporary. Online ordering of Beats products has shifted to the Apple store.

TechCrunch reports HP has teamed up with fashion designer Michael Bastian and shopping site Gilt to sell their snazzy new smartwatch. The watch is custom built and syncs with an app for iOS or Android to push email and text notices to the watch. It’ll also offer music control, as well as weather, sports and stock price updates. But its really all about looks. It has a 44mm circular watchface with straps available in brown leather, a green nylon and black rubber Price hasn’t been set but it will ship this autumn. 

Reuters reports hundreds of Chinese employees of Microsoft’s recently acquired Nokia handset business protested against layoffs at a Beijing research center and factory that currently employs 2,400 people. Microsoft intends to reduce the workforce at the site but not close it entirely. 

If you have more than 3,000 readers on your blog and you operate in Russia, you’ll need to register with telecommunications regulator Roskomnadzor under a new law. GigaOm passes along that Izvestia reports Roskomnadzor has sent its first batch of notices to bloggers who must also disclose their true identity, avoid hate speech,“extremist calls” and obscene language. They also must verify any information before publishing it. In response LiveJournal now only reports 2,500+ on its readership stats page. 

According to Engadget, Ebay published their diversity report showing 42 percent of its employees are women. Women account for 28% of leadership roles and 24% of tech jobs. Ebay’s female percentage is slightly larger than Pinterest (40%), Yahoo (37%), Google (30%) and Twitter (30%). The number are smaller when it comes to some ethnicities. 7% of Ebay’s total employees self-identify as Black, and 5% Hispanic. 55 percent of people in tech roles at the company identify as Asian. 

Tired of Europe always going after Google lately? Now they get a break. An Austrian privacy campaign group called Europe-v-Facebook is going after Facebook Ireland filing suit in Vienna claiming the social media giant violated Austrian privacy laws by tracking users on third party websites, and the company’s non-compliance with data access requests and for Facebook’s alleged participation in the Prism data collection program run by the U.S.NSA… among others. 

Android has been cleaning up in marketshare by shipping but what about actual usage? Net Applications tracks just such a stat and for the first tim Android has topped iOS in their survey of usage grabbing 44.62% of worldwide usage to iOS’s 44.19%. Windows Phone took a nice jump to 2.49% of usage.

News From You

dan_linder submitted the Wired Uk story that British scientist Roger Shawyer’s EmDrive may have got some validation from NASA. The controversial drive allegedly converts electric power into thrust, without the need for propellant by bouncing microwaves around in a closed container. Critics say that violates the conservation of momentum. Last year a Chinese team replicated the results to little fanfare. Now US scientist Guido Fetta has built his own version of a microwave thruster, which NASA agreed to test at Johnson Space Center. The test results were presented on July 30 at the 50th Joint Propulsion Conference in Cleveland, Ohio. The drive produced 30 to 50 micronewtons of thrust. Small, but positive.

the_big_endian wanted us to know that on the scrap heap of Google tech that includes Google Reader, Google Health and Knol, we should make room for…the Google Barge? The Next Web passes along the Portland-Press Herald report that the barge, which had been intended as a showroom for the Google X division, was towed into Portland Harbor last October, only to be sold to an international barging company. The four-story building built out of shipping containers will be dismantled. However a similar mystery barge docked in Stockton, California remains untouched. 

Pick of the Day: Keysduplicated.com

Joellen writes in: “I wanted to send in a Pick of the day… but it may be more of a discussion topic since it seems a bit controversial at the moment. The pick would be Keysduplicated.com, a service that lets you make copies of your keys by taking pictures with your phone. I’ve used it several times now to get copies of keys, as well as send copies to AirBnB guests who will be staying at my place. It’s worked great thus far, and has saved me many trips to the hardware store. The service, however, has gotten some mixed press recently. Most of it seems like nightly news “scare-mongering”, but I’d be interested to hear your opinion. At the very least, I think its something your audience should know about.”

Pick of the Day: Keys Duplicated via Joellen:

Joellen writes in: “I wanted to send in a Pick of the day… but it may be more of a discussion topic since it seems a bit controversial at the moment. The pick would be Keysduplicated.com, a service that lets you make copies of your keys by taking pictures with your phone. I’ve used it several times now to get copies of keys, as well as send copies to AirBnB guests who will be staying at my place. It’s worked great thus far, and has saved me many trips to the hardware store. The service, however, has gotten some mixed press recently. Most of it seems like nightly news “scare-mongering”, but I’d be interested to hear your opinion. At the very least, I think its something your audience should know about.”

Plug of the Day: 

Plug of the day: Like tech history? I’ve teamed up with Scott Johnson to put out monthly looks at what happened in history this month. For 99 cents you get what happened on each day of the month that helped make the tech we sue today, plus illustrations from Scott Johnson. Check them out for 99 cents each at tommerrittbooks.com or just search Amazon.        

Monday’s guest: Todd Whitehead of Alpha Geek Radio

3 thoughts on “DTNS 2291 – Protect Your Dongle”

  1. It seems that the badusb exploit that is most dangerous is a usb device acting as a keyboard (or mouse, perhaps). New OS versions (and updates) may defend against this perhaps by allowing only a maximum number of defined keyboards/mice in the system. If more than this limit enumerate on the USB bus, the system refuses to start up, and if more devices hot-plug after starting operation, the system refuses to use the new device. The limit can only be changed when there is exactly one keyboard on the system (or some such security measure).
    Other devices such as ethernet devices and mass storage devices require further configuration (auto-mount is BAD), normally require further action to make the device active, so they aren’t as useful as a hacking method..

    Now, what is *REALLY* scary, is re-programming the controllers on SD cards (or built-in flash devices)….

  2. Bad USB.
    If USB devices are “trusted” because humans are controlling them. It seems to me that a simple Popup USB Description on the screen would solve this problem.
    If I plug in a Mass storage device and the Popup says “USB keyboard detected” I would instantly know there’s a problem.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.