Archive for the ‘CrashBlogging’ Category

« Older Entries
Newer Entries »

Scientists react to warmest year: 2014 underscores ‘undeniable fact’ of human-caused climate change

Monday, January 19th, 2015

In 134 years of temperature records, the warmth in 2014 exceeded them all, NOAA and NASA announced today.

Unsurpassed heating of the world’s oceans fueled the chart-topping warmth.

Ocean temperatures were more than 1 F above average, NOAA said.  They warmed to a new record even in the absence of an El Niño event, a naturally occurring cycle of ocean heating in the tropical Pacific.

“This is the first year since 1997 that the record warmest year was not an El Niño year at the beginning of the year, because the last three have been,”  Gavin Schmidt, who directs the NASA Goddard Institute for Space Studies, told the Post’s Chris Mooney.

Related: It’s official: 2014 was the hottest year in recorded history(Washington Post Wonk Blog)

Land temperatures weren’t quite record-setting, but still ranked 4th warmest since the start of the data set in 1880. California, much of Europe, including the United Kingdom, and parts of Australia all experienced their warmest years.

News of record global warmth may surprise residents of the eastern U.S., which witnessed colder than normal temperatures in 2014. But the chill was an anomaly and, in fact, the eastern U.S. was among the coolest areas of the world compared to normal.

In NOAA’s analysis of global temperatures, 7 of 12 months in 2014 reached record highs, including December.

Thirteen of the warmest 15 years on record have occurred since the year 2000 according to Climate Central, a non-profit science communications organization based in Princeton, New Jersey. The likelihood of this happening by chance, with the assistance of manmade greenhouse emissions, is less than 1 in 27 million, it calculated.

– More:

 

Posted in Climate Change, CrashBlogging, Rising Ocean Levels, The Perfect Storm, Weather deterioration | No Comments »

Planetary Boundaries 2.0 – new and improved

Sunday, January 18th, 2015

As Science publishes the updated research, four of nine planetary boundaries have been crossed

Four of nine planetary boundaries have now been crossed as a result of human activity, says an international team of 18 researchers in the journal Science (16 January 2015). The four are: climate change, loss of biosphere integrity, land-system change, altered biogeochemical cycles (phosphorus and nitrogen).

Two of these, climate change and biosphere integrity, are what the scientists call “core boundaries”. Significantly altering either of these “core boundaries” would “drive the Earth System into a new state”.

“Transgressing a boundary increases the risk that human activities could inadvertently drive the Earth System into a much less hospitable state, damaging efforts to reduce poverty and leading to a deterioration of human wellbeing in many parts of the world, including wealthy countries,” says Lead author, Professor Will Steffen, researcher at the Centre and the Australian National University, Canberra. “In this new analysis we have improved our quantification of where these risks lie.”

Other co-authors from the Centre are Johan Rockström, Sarah Cornell, Ingo FetzerOonsie Biggs, Carl Folke and Belinda Reyers.

Request publication

What’s new?
The new paper is a development of the Planetary Boundaries concept, which was first published in 2009, identifying nine global priorities relating to human-induced changes to the environment. The science shows that these nine processes and systems regulate the stability and resilience of the Earth System – the interactions of land, ocean, atmosphere and life that together provide conditions upon which our societies depend.

The research builds on a large number of scientific publications critically assessing and improving the planetary boundaries research since its original publication. It confirms the original set of boundaries and provides updated analysis and quantification for several of them, including phosphorus and nitrogen cycles, land-system change, freshwater use and biosphere integrity.

Though the framework keeps the same processes as in 2009, two of them have been given new names, to better reflect what they represent, and yet others have now also been assessed on a regional level.

“Loss of biodiversity” is now called “Change in biosphere integrity.” Biological diversity is vitally important, but the framework now emphasises the impact of humans on ecosystem functioning. Chemical pollution has been given the new name “Introduction of novel entities,” to reflect the fact that humans can influence the Earth system through new technologies in many ways.

“Pollution by toxic synthetic substances is an important component, but we also need to be aware of other potential systemic global risks, such as the release of radioactive materials or nanomaterials,” says Sarah Cornell, coordinator of the Planetary Boundaries research at the Centre. “We believe that these new names better represent the scale and scope of the boundaries,” she continues.

In addition to the globally aggregated Planetary Boundaries, regional-level boundaries have now been developed for biosphere integrity, biogeochemical flows, land-system change and freshwater use. At present only one regional boundary (South Asian Monsoon) can be established for atmospheric aerosol loading.

Nine planetary boundaries
1. Climate change
2. Change in biosphere integrity (biodiversity loss and species extinction)
3. Stratospheric ozone depletion
4. Ocean acidification
5. Biogeochemical flows (phosphorus and nitrogen cycles)
6. Land-system change (for example deforestation)
7. Freshwater use
8. Atmospheric aerosol loading (microscopic particles in the atmosphere that affect climate and living organisms)
9. Introduction of novel entities (e.g. organic pollutants, radioactive materials, nanomaterials, and micro-plastics).

– More:

Posted in Biodiversity Loss, Climate Change, CrashBlogging, Deforestation, Desertification, Extinctions, Nanotechnology, Ocean Acidification, Pollution, Rising Ocean Levels, The Perfect Storm, Water Shortages | No Comments »

The rate of sea-level rise is ‘far worse than previously thought,’ study says

Sunday, January 18th, 2015

Researchers have come up with a new and improved way of measuring the rise in the sea level, and the news is not good: The seas have risen dramatically faster over the last two decades than anyone had known.

For hundreds of years, the seas were measured by more or less the equivalent of plopping a yard stick into the ocean and seeing if the ocean went up or down. But now, that method looks to be outdated.

According to a new study published on Wednesday in Nature, the new method involves an advanced statistical model that analyzes all of the factors contributing to sea rise. It has yielded what appears to be a much more accurate picture of the oceans and suggests previous studies had severely underestimated the acceleration of recent sea rise.

“What this paper shows is that the sea-level acceleration over the past century has been greater than had been estimated by others,” lead writer Eric Morrow said in a statement. “It’s a larger problem than we initially thought.” Co-author Carling Hay added in an interview with BBC: “The acceleration into the last two decades is far worse than previously thought. This new acceleration is about 25 percent higher than previous estimates.”

– More:

 

Posted in CrashBlogging, Rising Ocean Levels, The Perfect Storm | No Comments »

Powerful, highly stealthy Linux trojan may have infected victims for years

Wednesday, December 10th, 2014

Backdoor tied to espionage campaign that has targeted governments in 45 countries.

Researchers have uncovered an extremely stealthy trojan for Linux systems that attackers have been using to siphon sensitive data from governments and pharmaceutical companies around the world.

The previously undiscovered malware represents a missing puzzle piece tied to “Turla,” a so-called advanced persistent threat (APT) disclosed in August by Kaspersky Lab and Symantec. For at least four years, the campaign targeted government institutions, embassies, military, education, research, and pharmaceutical companies in more than 45 countries. The unknown attackers—who are probably backed by a nation-state, according to Symantec—were known to have infected several hundred Windows-based computers by exploiting a variety of vulnerabilities, at least two of which were zero-day bugs. The malware was notable for its use of a rootkit that made it extremely hard to detect.

Now researchers from Moscow-based Kaspersky Lab have detected Linux-based malware used in the same campaign. Turla was already ranked as one of the top-tier APTs, in the same league as the recently disclosed Regin for instance. The discovery of the Linux component suggests it is bigger than previously thought and may presage the discovery of still more infected systems.

“The [Turla] operations are being carried out in broader environments than we previously knew,” Kaspersky Lab expert Kurt Baumgartner told Ars. “All the other stuff we’ve seen from Turla has been windows based. This piece of the puzzle shows us that they do not limit themselves.”

…More:  

 

Posted in CrashBlogging, CyberChaos, The Perfect Storm | No Comments »

Exposed: NSA program for hacking any cell phone network, no matter where it is

Monday, December 8th, 2014

– Worth noting how high the percentage is for New Zealand in the chart which you can find in the original article.

– dennis

= = = = = = = = = = = = = = = = = = = =

The National Security Agency has spied on hundreds of companies and groups around the world, including in countries allied with the US government, as part of an effort designed to allow agents to hack into any cellular network, no matter where it’s located, according to a report published Thursday.

Armed with technical details of a specific provider’s current or planned networks, agents secretly attempt to identify or introduce flaws that will make it possible for communications to be covertly tapped, according to an article published by The Intercept. Security experts warned that programs that introduce security flaws or suppress fixes for existing vulnerabilities could cause widespread harm, since the bugs can also be exploited by criminal hackers or governments of nations around the world.

“Even if you love the NSA and you say you have nothing to hide, you should be against a policy that introduces security vulnerabilities,” Karsten Nohl, a cryptographer and smartphone security expert, told The Intercept. “Because once NSA introduces a weakness, a vulnerability, it’s not only the NSA that can exploit it.”

t’s not the first time the US agency has been reported to introduce backdoors into widely used technologies. Last year documents provided by former NSA subcontractor Edward Snowden—the same source for documents supporting Thursday’s story by The Intercept—showed that the NSA worked with standards bodies to adopt encryption technologies with known vulnerabilities in them. Two weeks later, the RSA division of EMC warned customers to stop using the default configuration of its BSAFE BSAFE toolkit and Data Protection Manager because it contained code reported to contain an NSA-engineered vulnerability.

The program reported Thursday, codenamed AURORAGOLD, has monitored messages sent and received by more than 1,200 email accounts associated with large cell phone operators around the world. One surveillance target is the GSM Association (GSMA), a UK-based group that works with Microsoft, Facebook, AT&T, Cisco Systems, and many other companies to ensure their hardware and software related to cellular technology is compatible. At the same time the NSA has been monitoring the group, other arms of the US government has funded GSMA programs designed to boost privacy on mobile networks. According to The Intercept:

The NSA focuses on intercepting obscure but important technical documents circulated among the GSMA’s members known as “IR.21s.”

Most cellphone network operators share IR.21 documents among each other as part of agreements that allow their customers to connect to foreign networks when they are “roaming” overseas on a vacation or a business trip. An IR.21, according to the NSA documents, contains information “necessary for targeting and exploitation.”

The details in the IR.21s serve as a “warning mechanism” that flag new technology used by network operators, the NSA’s documents state. This allows the agency to identify security vulnerabilities in the latest communication systems that can be exploited, and helps efforts to introduce new vulnerabilities “where they do not yet exist.”

The IR.21s also contain details about the encryption used by cellphone companies to protect the privacy of their customers’ communications as they are transmitted across networks. These details are highly sought after by the NSA, as they can aid its efforts to crack the encryption and eavesdrop on conversations.

Last year, The Washington Post reported that the NSA had already managed to break the most commonly used cellphone encryption algorithm in the world, known as A5/1. But the information collected under AURORAGOLD allows the agency to focus on circumventing newer and stronger versions of A5 cellphone encryption, such as A5/3.

The documents note that the agency intercepts information from cellphone operators about “the type of A5 cipher algorithm version” they use, and monitors the development of new algorithms in order to find ways to bypass the encryption.

NSA documents show that AURORAGOLD focuses on collecting details about virtually all technical standards used by cell phone operators.

– to the original article:

 

 

Posted in Corruption, CrashBlogging, CyberChaos, Human Rights, Social Breakdown, The Perfect Storm | No Comments »

US government planes collecting phone data

Tuesday, November 18th, 2014

– Remember the piece I posted not long ago entitled, “Crypto phones and dubious cell phone towers“, that was about unidentified cell towers scattered around the country soaking up data for unknown purposes?  

– Well, here’s another story along that line.

– dennis

= = = = = = = = = = = = = = = = = = = = =

Devices that gather data from millions of mobile phones are being flown over the US by the government, according to the Wall Street Journal.

The “dirtbox” devices mimic mobile phone tower transmissions, and handsets transmit back their location and unique identity data, the report claims.

While they are used to track specific suspects, all mobile devices in the area will respond to the signal.

The US Justice Department refused to confirm or deny the report.

The Wall Street Journal said it had spoken to “sources familiar with the programme” who said Cessna aircraft fitted with dirtboxes were flying from at least five US airports.

The department said that it operated within federal law.

– More…

 

Posted in CrashBlogging, CyberChaos, Human Rights, Social Breakdown, The Perfect Storm | No Comments »

Just a trio of stories from the passing river

Wednesday, November 12th, 2014

– So, here are three stories that I’ve gleaned from the river of passing news just today.  

– For all of you who think things are just fine, you should pull yourself up out of whatever obsessive thing it is you are doing and smell the coffee.  The smell has changed, my friends, and its got a serious stink to it.

Story # 1 is about a man named Richard Berman who lobbies for the Oil Industry.

Secret oil industry strategies inadvertently revealed

small point to glean here: these folks do not care if they ruin the world.  They are unabashedly out to confuse and manipulate you so they can massively profit from oil sales in the near term.  And they do not care about you or the long term.

Story # 2 is about something called Asset Forfeiture.

Police Use Department Wish List When Deciding Which Assets to Seize

small point to glean here: you do not have to be found guilty for them to seize your assets.  And, if you are found innocent later, it will still cost you a bundle to get your stuff back – if you ever do.

Story # 3 is about a woman named Alayne Fleischmann.

Alayne Fleischmann exposes JPMorgan’s “massive criminal securities fraud”

small point to glean here: these folks committed bigger crimes than most of us can even conceive of.  And none of them – none – have gone to jail for it.

– You should read all three stories and reflect that there’s more and more of this stuff going on around you all the time.  And that at some point, it is going to get rude enough and personal enough that it is going to intrude into your little world.

– The rich are out to take what you have.  And the police, whom you might think should be protecting you, are out to take what you have as well, if they can.  

– You’re just like a little mouse down in a safe corner and the only reason you are still safe is because the dogs from hell haven’t discovered you yet

– If I dipped my foot in the river again, I’m sure I could come up with another three stories, or 10 or 20.  The water’s running deep and fast out there in the river of news and information but you really need to turn away from your TV screen to see it because they damn sure are not going to put the real news on your screen to warn you.  That screen is there to sedate you.

– That there are big and growing problems in your world is not going to be a recognition you are going to want to have late in the game.  Earlier is always better when you want to reposition yourself out of harm’s way.

– U.S. friends – don’t think any of this is real, that it won’t entangle you and yours or that it won’t actually amount to anything?

– No problem.  At least you won’t be getting in anyone else’s way when they have woken up and are bailing out.

– dennis

 

 

Posted in Capitalism & Corporations, Corporate takeover of Government, Corruption, CrashBlogging, The Perfect Storm | No Comments »

Salt-Water Fish Extinction Seen By 2048

Wednesday, November 12th, 2014

– Nothing new here.  Just the same slowly approaching train wreck which is being widely ignored – as if that will make it all go away.  

– I really wonder about people in general.  Not just the obsessively greedy or power-minded but just the average Joe.  

– The scientists have been sounding the ‘end-of-the-world-as-we-know-it’ klaxons for some time now and everyone’s just changing the channel to sort it out for themselves.

– dennis

= = = = = = = = = = = = = = = = = = = =

The apocalypse has a new date: 2048.

That’s when the world’s oceans will be empty of fish, predicts an international team of ecologists and economists. The cause: the disappearance of species due to overfishing, pollution, habitat loss, and climate change.

The study by Boris Worm, PhD, of Dalhousie University in Halifax, Nova Scotia, — with colleagues in the U.K., U.S., Sweden, and Panama — was an effort to understand what this loss of ocean species might mean to the world.

The researchers analyzed several different kinds of data. Even to these ecology-minded scientists, the results were an unpleasant surprise.

“I was shocked and disturbed by how consistent these trends are — beyond anything we suspected,” Worm says in a news release.

“This isn’t predicted to happen. This is happening now,” study researcher Nicola Beaumont, PhD, of the Plymouth Marine Laboratory, U.K., says in a news release.

“If biodiversity continues to decline, the marine environment will not be able to sustain our way of life. Indeed, it may not be able to sustain our lives at all,” Beaumont adds.

Already, 29% of edible fish and seafood species have declined by 90% — a drop that means the collapse of these fisheries.

But the issue isn’t just having seafood on our plates. Ocean species filter toxins from the water. They protect shorelines. And they reduce the risks of algae blooms such as the red tide.

“A large and increasing proportion of our population lives close to the coast; thus the loss of services such as flood control and waste detoxification can have disastrous consequences,” Worm and colleagues say.

The researchers analyzed data from 32 experiments on different marine environments.

They then analyzed the 1,000-year history of 12 coastal regions around the world, including San Francisco and Chesapeake bays in the U.S., and the Adriatic, Baltic, and North seas in Europe.

Next, they analyzed fishery data from 64 large marine ecosystems.

And finally, they looked at the recovery of 48 protected ocean areas.

Their bottom line: Everything that lives in the ocean is important. The diversity of ocean life is the key to its survival. The areas of the ocean with the most different kinds of life are the healthiest.

But the loss of species isn’t gradual. It’s happening fast — and getting faster, the researchers say.

Worm and colleagues call for sustainable fisheries management, pollution control, habitat maintenance, and the creation of more ocean reserves.

This, they say, isn’t a cost; it’s an investment that will pay off in lower insurance costs, a sustainable fish industry, fewer natural disasters, human health, and more.

“It’s not too late. We can turn this around,” Worm says. “But less than 1% of the global ocean is effectively protected right now.”

Worm and colleagues report their findings in the Nov. 3 issue of Science.

– To the original article:

Posted in Biodiversity Loss, Climate Change, CrashBlogging, Extinctions, Food Shortages, Ocean Acidification, Ocean Dead Zones, Science, Social Breakdown | No Comments »

Pentagon: global warming will change how US military trains and goes to war

Wednesday, October 15th, 2014

“The Pentagon was first instructed by Congress in 2007 to incorporate climate change into its long-term security planning.

But Republicans in Congress have gone on to block the military from preparing for a warmer future, cutting funds for intelligence gathering or testing low-carbon jet fuels.”

As I’ve said, the climate change nay-sayers no longer have to just sow doubt about the scientific consensus, now they have to confront the world’s militaries and insurance industries – both of which don’t care a fig about political spin.  And both of which who have to ‘get it right’ or their very missions or survival are on the line.

– dennis

= = = = = = = = = = = = = = = = = = = = = = =

Global warming is changing the way the US trains for and goes to war – affecting war games, weapons systems, training exercises, and military installations – according to the Pentagon.

The defence secretary, Chuck Hagel, will tell a high-level meeting of military leaders on Monday that the Pentagon is undertaking sweeping changes to operation systems and installations to keep up with a growing threat of rising seas, droughts, and natural disasters caused by climate change.

“A changing climate will have real impacts on our military and the way it executes its missions,” Hagel wrote in his introduction to a Pentagon report out today. “We are considering the impacts of climate change in our war games and defence planning scenarios.”

The Pentagon’s strategic planners have for years viewed climate change as a “threat multiplier”– worsening old conflicts and potentially provoking new clashes over migration and shortages of food and water in the Middle East, Africa and Asia, and opening up new military challenges in a melting Arctic.

But with Monday’s report, climate change moved from potential threat to an immediate factor in a wide range of operational and budgeting decisions.

“It makes it a reality that climate change indeed is a risk today, and we need to plan, programme and budget for it now and into the future,” said Sherri Goodman, chief executive of the military advisory board, a group of former generals and other high-ranking officers that studies US national security.

The report – unveiled at a meeting of more than 30 defence ministers from the Americas and Europe – also signalled US intention to take a lead role at international climate negotiations in Lima in December.

From now on, the military will factor climate change into a host of day-to-day decisions, a senior defence official told a conference call with reporters.

“It’s about being baked into things we are already doing, and incorporated into all the other things we are doing,” he said.

Those decisions could include war games, training exercises, and purchasing decisions – which could all be affected by conditions such as sea-level rise, heat waves, and drought.

War games scenarios would now factor in floods or storms instead of assuming optimal conditions, said Goodman. “You could make the game more complex with sea-level rise, and extreme weather events.”

She said the navy would have to test sonar and other systems under the changing ocean chemistry. The military will have to adapt to hotter temperatures.

One of the biggest and most costly decisions ahead is the location of some 7,000 US military sites.

As the report acknowledged, US military installations and personnel are already exposed to climate change. The Hampton Roads area in Virginia – which houses the biggest concentration of US forces – already floods during high tides and severe storms, and could see an additional 1.5 feet of sea level rise in the next 20 years.

Meanwhile, military bases in the south-west are coping with water and electricity shortages, under recurring droughts. Arctic land-based installations are shifting because of melting permafrost, while retreating sea ice is changing naval requirements.

The Pentagon is not planning a wholesale relocation of bases, the officials told the call. But they said the military was already bringing in sandbags and moving generators out of basements in low-lying areas. It was also shelving ideas for new construction on flood plains.

Other potential changes include cuts to outdoor training exercises – because of heat waves, or increased weapons maintenance costs and repairs because of heat and dust.

“As we think about changing weather patterns we have to think hard about where operations might be conducted and whether we need to change the assumptions about what kind of air breathing conditions … what kind of sea state we might expect in an operating environment, and what impact they might have.”

The report said troops could also be at greater risk of infectious diseases, which spread more rapidly in hotter temperatures.

Hagel in comments to reporters at the weekend said the Pentagon anticipated an increase in humanitarian missions, because of natural disasters and recurring famines.

He also said the Arctic presented a growing military challenge.

“We see an Arctic that is melting, meaning that most likely a new sea lane will emerge,” he said. “We know that there are significant minerals and natural deposits of oil and natural gas there. That means that nations will compete for those natural resources. That’s never been an issue before. You couldn’t get up there and get anything out of there. We have to manage through what those conditions and new realities are going to bring in the way of potential threats.”

The Pentagon was first instructed by Congress in 2007 to incorporate climate change into its long-term security planning.

But Republicans in Congress have gone on to block the military from preparing for a warmer future, cutting funds for intelligence gathering or testing low-carbon jet fuels.

Officials told the call that planning for the future would help bring down climate-related costs.

“There is a lot you can do to mitigate risk and lower the cost of risks if you acknowledge the risk exists,” the officials said.

– to the original:  

 

Posted in Capitalism & Corporations, CrashBlogging, Mental Irrationality, Politics - The Wrong Way, The Perfect Storm | No Comments »

Why the Security of USB Is Fundamentally Broken

Monday, August 11th, 2014

– If you liked what I posted yesterday, you’l love today.

– dennis

= = = = = = = = = = = = = = = = = = =

Computer users pass around USB sticks like silicon business cards. Although we know they often carry malware infections, we depend on antivirus scans and the occasional reformatting to keep our thumbdrives from becoming the carrier for the next digital epidemic. But the security problems with USB devices run deeper than you think: Their risk isn’t just in what they carry, it’s built into the core of how they work.

That’s the takeaway from findings security researchers Karsten Nohl and Jakob Lell plan to present next week, demonstrating a collection of proof-of-concept malicious software that highlights how the security of USB devices has long been fundamentally broken. The malware they created, called BadUSB, can be installed on a USB device to completely take over a PC, invisibly alter files installed from the memory stick, or even redirect the user’s internet traffic. Because BadUSB resides not in the flash memory storage of USB devices, but in the firmware that controls their basic functions, the attack code can remain hidden long after the contents of the device’s memory would appear to the average user to be deleted. And the two researchers say there’s no easy fix: The kind of compromise they’re demonstrating is nearly impossible to counter without banning the sharing of USB devices or filling your port with superglue.

“These problems can’t be patched,” says Nohl, who will join Lell in presenting the research at the Black Hat security conference in Las Vegas. “We’re exploiting the very way that USB is designed.”

‘IN THIS NEW WAY OF THINKING, YOU HAVE TO CONSIDER A USB INFECTED AND THROW IT AWAY AS SOON AS IT TOUCHES A NON-TRUSTED COMPUTER.’

Nohl and Lell, researchers for the security consultancy SR Labs, are hardly the first to point out that USB devices can store and spread malware. But the two hackers didn’t merely copy their own custom-coded infections into USB devices’ memory. They spent months reverse engineering the firmware that runs the basic communication functions of USB devices—the controller chips that allow the devices to communicate with a PC and let users move files on and off of them. Their central finding is that USB firmware, which exists in varying forms in all USB devices, can be reprogrammed to hide attack code. “You can give it to your IT security people, they scan it, delete some files, and give it back to you telling you it’s ‘clean,’” says Nohl. But unless the IT guy has the reverse engineering skills to find and analyze that firmware, “the cleaning process doesn’t even touch the files we’re talking about.”

The problem isn’t limited to thumb drives. All manner of USB devices from keyboards and mice to smartphones have firmware that can be reprogrammed—in addition to USB memory sticks, Nohl and Lell say they’ve also tested their attack on an Android handset plugged into a PC. And once a BadUSB-infected device is connected to a computer, Nohl and Lell describe a grab bag of evil tricks it can play. It can, for example, replace software being installed with with a corrupted or backdoored version. It can even impersonate a USB keyboard to suddenly start typing commands. “It can do whatever you can do with a keyboard, which is basically everything a computer does,” says Nohl.

The malware can silently hijack internet traffic too, changing a computer’s DNS settings to siphon traffic to any servers it pleases. Or if the code is planted on a phone or another device with an internet connection, it can act as a man-in-the-middle, secretly spying on communications as it relays them from the victim’s machine.

Most of us learned long ago not to run executable files from sketchy USB sticks. But old-fashioned USB hygiene can’t stop this newer flavor of infection: Even if users are aware of the potential for attacks, ensuring that their USB’s firmware hasn’t been tampered with is nearly impossible. The devices don’t have a restriction known as “code-signing,” a countermeasure that would make sure any new code added to the device has the unforgeable cryptographic signature of its manufacturer. There’s not even any trusted USB firmware to compare the code against.

The element of Nohl and Lell’s research that elevates it above the average theoretical threat is the notion that the infection can travel both from computer to USB and vice versa. Any time a USB stick is plugged into a computer, its firmware could be reprogrammed by malware on that PC, with no easy way for the USB device’s owner to detect it. And likewise, any USB device could silently infect a user’s computer. “It goes both ways,” Nohl says. “Nobody can trust anybody.”

– More…

 

Posted in CrashBlogging, CyberChaos, Tech-Hardware, The Perfect Storm | No Comments »

« Older Entries
Newer Entries »