Fuzzing is a method of testing with automated software which provides invalid, unexpected, and random data as inputs to a computer program. The testing program then monitors for crashes, assertions and potential memory leaks.
A research team based from Purdue University came up with USBFuzz, which pushes enormous amounts of random data through the USB bus of a system. Hui Peng and Mathias payer (from the Swiss Federal Institute of Tech) came up with the idea and program.
Please don’t lose any sleep over the bugs found.
Peng and Mathias found one bug in FreeBSD, three in MacOS (two resulting in an unplanned reboot and one freezing the system), four in Windows 8 and Windows 10 (resulting in Blue Screens of Death) and the vast majority of bugs, in Linux — 18 in total.
Of all these bugs, Windows users do not need to worry, they have been fixed. Of the 18 found in Linux, 16 of them have been corrected already. Those correct where major security flaws.
What we like about the USBFuzz is the underlying theme to improve the security of the USB platform and continued improvement. We also like USBFuzz becoming an open source bit of code that everyone may use to strengthen thier USB product. The team will release a version on GitHub later this year, 2020.
If you are an avid user of USB security dongles, you might know how challenging it may be to get remote access to these devices. To simplify this task, Electronic Team, Inc. has developed a dedicated software solution capable of sharing USB protection dongles over the network.
Donglify is a lightweight desktop application that allows connecting USB hardware keys to remote computers over the Internet and LAN. The software uses the 2048-bit SSL encryption to secure your connections, so you don’t need to worry that your sensitive data will be intercepted or lost.
One of the nicest things about Donglify is that it can redirect one USB dongle to several remote PCs simultaneously. In order to make a USB hardware key available for use on multiple computers, you can just connect the device to your local PC and share it over the network with nothing more than a couple of clicks. This option, currently, works with HASP HL Pro, Sentinel HL Pro, SafeNet eToken 5110, and CodeMeter CmStick security keys.
USB hardware keys of other types can also be shared over the Internet but you’ll be able to access them from one remote machine at a time.
Donglify is available by subscription and comes with a 30-day free trial. When the trial period is over, you can continue using the service for $19.99 a month.
From this article, the Raspberry Pi 4’s USB-C power port was designed outside of official USB-IF specifications, making it incompatible with many USB-C chargers and/or power supplies. You can read more about from the link above and the information gathered to come to such a conclusion was done by a well known Google engineer, Benson Leung.
The raspberry Pi is a collection of small computer boards put together in a simplistic way to create the foundation of a computer system. The Raspberry Pi (also known as RPi) was released back in Feb of 2012 in the United Kingdom. The original intent of the RPi was to develop a low cost and simplistic computer which students could learn and develop.
The original model became far more popular than anticipated, and started selling outside its target market for uses such as robotics. It does not include peripherals (such as keyboards and mice) or even come inside a case. Literally a bare-bones product.
To give you an idea of the popularity, the RPi products have sold over 19 million units between its release in 2012 to the end of fiscal year 2018. This makes the RPi one of the best-selling computers in the world, although a computer with limited resources. Until now.
This week the Raspberry Pi Foundation has released the Pi 4. This is one hell of a great product. Check out these specifications:
- A 1.5GHz quad-core 64-bit ARM Cortex-A72 CPU (~3× performance)
- 1GB, 2GB, or 4GB of LPDDR4 SDRAM
- Full-throughput Gigabit Ethernet
- Dual-band 802.11ac wireless networking
- Bluetooth 5.0
- Two USB 3.0 and two USB 2.0 ports
- Dual monitor support, at resolutions up to 4K
- VideoCore VI graphics, supporting OpenGL ES 3.x
- 4Kp60 hardware decode of HEVC video
- Complete compatibility with earlier Raspberry Pi products
In addition to the hardware improvements, the Raspberry Pi Foundation says
It’s been a hard day because your USB stick or SD card with important content doesn’t have the file you are looking for. Somehow, maybe your kid, formatted the device and what you are looking for is no longer there.
Wouldn’t it be nice to get some recovery software to find that file?
Better yet, wouldn’t it be nice to have a free download to show you what files can be seen… and then you can decide to buy the software? I mean, your day has already been bad enough, why spend money for a shot in the dark?
EaseUS Data Recovery software is just what you need. Today is a review of this software. Our first and last impression, it’s good stuff!
Here is the “Readers Digest” version of the data recovery software review. Oh, and if youâ€™re a millennial who doesn’t know what “Readers Digest” is, it was a small magazine that would provide short stories and reviews and jokes. Nothing long, everything quick and to the point.
The EaseUS Data Recovery software is free for download with upgrade options.
The fee download gives you the ability to recover up-to one GB of data. The types of situations the free software is best used for is when the file was deleted or the file was formatted off the drive.
Anyone in tech has seen the reports and news about USB sticks with a virus ruined a company network or infect computers. Google built a small and affective feature into their latest Chromebooks.
The USBGuard is a feature which blocks interaction between the mass storage device and the Chrome operating system. The OS will give power to the device, but not let data transmit.
The USBGuard blocks this activity when the Chromebook is in locked mode. When the Chromebook is not in lock mode, the USB will interact as expected as a read/write device.
Account security is one of the most vital pieces of the busy and interconnected world right now and nobody wants strangers accessing their personal information online. You might use a password manager as well as two-factor authentication like we mentioned in a previous post, but now there’s another way to stay protected.
In response to similar approaches from Google and Dropbox, Facebook has added support for safe login security keys. When you log into your account, this device will prove your identity rather than a code which sends to your phone. In addition to the superior security, they’re also potentially faster. With just a tap on the device you can have access to your Facebook account and feel safer in knowing only you can unlock it. It’s a welcome move from the company in an age where cyberattacks and identity theft are on the rise and as a universal rule on the internet, it’s never a bad time to strengthen your defences.
If the “smart TV” craze hasn’t made it to your home entertainment yet, making one on your own is getting easier every year. All you need is a spare HDMI slot and the Intel Compute Stick.
There are two ways to make a USB stick read only. One way is a universal solution and is 100% permanent, the other way is PC specific and a good deterrent. When we say 100% permanent, this means the USB stick is read only (write protected) on all computers, whether it be a Mac, PC, Linux, etc type computer, the USB is read only and the status cannot be changed. The other method flags a USB device to be read only in relationship to the PC it is connected to so that whenever that USB stick is connected to that computer, it makes the USB read only and blocks all write commands to the device.
Most times an IT manager or content owner wants the USB stick to be read only so the files cannot be deleted or formatted off the drive. Another reason for making a USB read only is for the original files to remain the same and blocks the ability for files to be changed or manipulated. Finally, it’s smart to have USBs read only so that virus’ don’t jump onto the drive and possibly spread to other computers.
Let us start with the less permanent way because it’s easier to do and doesn’t require any specific hardware. You will need a Windows7 machine or higher. The Windows7 machine will have DiskPart utility which allows us to perform all sorts of cool things to flash drives, like setting write protection.
- Connect the USB to your Windows computer.
- To begin, go to your Windows Start and in the Search Field type â€œcmdâ€
This will run your Command prompt.
- Next, you will want to get to the C root of the Command prompt and if you are signed in as a user you can simply type cd\ this will get you back to the root of the C drive.
- Type DISKPART
- Type LIST DISK
Now you will need to find the USB stick connected to your PC. Most likely it’s DISK 1
One of the most classic and – yet still perversely prevalent – issues IT staff face is resetting Windows passwords for users who have forgotten them (again). While remote administration has reduced the need to physically reactivate and reset passwords in most scenarios, a copy of L0phtcrack still remains in every experienced admins ‘toolbox’. Of course, having to reboot the system and use a copy of Bart PE or other portable OS’ to run L0phtcrack has a PITA factor all its own.
Well, it seems that entrepreneur Jonty Lovell has done something about it as the all new – and fully funded – Password Reset Key has been designed to take the hassle out of this common issue. In fact, as long as you have physical access to the system even home owners can now reset their forgotten password within mere moments.
The secret to the Password Reset Key is the fact that it combines a key shaped 1GB flash drive – available in black, stainless steel, or ‘gold’ – with a simple OS that auto-loads his custom software upon startup. Just as with L0phtcrack, with a simple click or three, you can scan, reset and even test how secure a given systems login passwords are. Because of its ‘key’ form factor, it will be hard to lose as you can simply stick on your keychain and always have it close at hand. However, be warned that this $15 – $50 device (depending on which option to choose) may get you in trouble with your IT staff as resetting the ‘administrator’ password will greatly â€˜annoy’ them if they find out.
Planon is known for having pen-sized scanners for mobile scanning of business cards, documents, lecture notes and more.Â What Planon continues to do is develop the scanning technology year after year.
The company has just released it’s latest pen scanner, the ScanStik SK600V.Â The V is for Voice Notes.Â It’s now possible to scan from a device the size of a writing pen and include voice memos for the scanned document.Â Nice.
They have also added bluetooth connectivity, but apparently the “b” didn’t make it into the updated part number.
You can scan at 600dpi (dots per inch) and save the file to a microSD card.Â Once you are ready for download, you can connect to a host computer via USB and off-load all those trade show business cards (or competitors spec sheets of that product not yet released).
The above InfoGraph was provided by Nexcopy Company and highlights the current and services available for protecting intellectual property on USB flash media, or USB Copy Protection.Â The concept behind this USB copy protection solution is the ability to share digital files on a flash drive with others, but restrict their ability to pass along that information.
With the above solution a user can protect different file types which are the most popular multimedia files such as PDF, MP3, QuickTime, MP4, M4V, html, flash and some other listed.Â This post is not intended as advertising, but a share of products and services about USB copy protection available on the market today.
When a USB stick is connected to a PC the Windows operating system enumerates the device.Â In simple terms, this means Windows will check to see what type of device was just connected, a HID device, Mass Storage Devicet etc, it will also check the speed of the device.
During the enumeration process some registry entries are made into the Windows registry…this is where a hacker could get into your system and take control.Â This is the update Microsoft issues earlier this week to fix the security flaw.
Since the vulnerability is triggered during USB enumeration, no user intervention is required. In fact, the vulnerability can be triggered when the workstation is locked or when no user is logged in, making this an unauthenticated elevation of privilege for an attacker with casual physical access to the machine. Other software that enables low-level pass-through of USB device enumeration may open additional avenues of exploitation that do not require direct physical access to the system.
So be sure to update your PC with the update notification comes through – it’s in your best interest.
Full Microsoft article