<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-signature"><small>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style></style> <small>
<title>OPLIN 4Cast</title>
<style>
.headerTop { background-color:#FFFFFF; border-top:0px solid #000000; border-bottom:1px solid #FFFFFF; text-align:center; }
.adminText { font-size:16px; color:#0000FF; line-height:200%; font-family:verdana; text-decoration:none; }
.headerBar { background-color:#FFFFFF; border-top:0px solid #333333; border-bottom:0px solid #FFFFFF; }
.title { font-size:20px; font-weight:bold; color:#000000; font-family:arial; line-height:110%; }
.subTitle { font-size:11px; font-weight:normal; color:#000000; font-style:italic; font-family:arial; }
.defaultText { font-size:12px; color:#000000; line-height:150%; font-family:trebuchet ms; }
.footerRow { background-color:#FFFFCC; border-top:0px solid #FFFFFF; }
.footerText { font-size:10px; color:#996600; line-height:100%; font-family:verdana; }
a { color:#0000FF; color:#0000FF; color:#0000FF; }
</style>
<table class="backgroundTable" cellpadding="0" cellspacing="0"
bgcolor="#ffffff" width="100%">
<tbody>
<tr>
<td align="left" valign="top">
<table cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="border-top: 0px solid rgb(0, 0, 0);
border-bottom: 1px solid rgb(255, 255, 255);
background-color: rgb(255, 255, 255);
text-align: center;" align="center"><span
style="font-size: 10px; color: rgb(96, 96,
96); line-height: 200%; font-family:
verdana; text-decoration: none;">Email
not displaying correctly? <a
href="http://www.oplin.org/4cast/"
style="font-size: 10px; color: rgb(0, 0,
255); line-height: 200%; font-family:
verdana; text-decoration: none;">View
it in your browser.</a></span></td>
</tr>
<tr>
<td style="border-top: 0px solid rgb(51, 51,
51); border-bottom: 0px solid rgb(255, 255,
255); background-color: rgb(255, 255, 255);">
<center><a href=""><img id="editableImg1"
src="cid:part2.08040307.07090500@oplin.org"
title="OPLIN" alt="OPLIN 4Cast"
border="0" align="middle"></a></center>
</td>
</tr>
</tbody>
</table>
<table style="width: 763px; height: 877px;"
cellpadding="20" cellspacing="0" bgcolor="#ffffff">
<tbody>
<tr>
<td style="font-size: 12px; color: rgb(0, 0, 0);
line-height: 150%; font-family: trebuchet ms;"
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickbgwide.jpg"
bgcolor="#ffffff" valign="top">
<p><!-- Make sure you modify the 4Cast title in this section -->
<span style="font-size: 20px; font-weight:
bold; color: rgb(0, 0, 0); font-family:
arial; line-height: 110%;">OPLIN 4cast
#397: BadUSB</span><br>
<!-- Make sure you modify the date of the 4Cast in this section -->
<span style="font-size: 11px; font-weight:
normal; color: rgb(102, 102, 102);
font-style: italic; font-family: arial;">August
6th, 2014</span></p>
<!-- Begin copy of Web Source here -->
<p style="text-align: justify;font-size: 16px;
font-family: arial; line-height: 110%;"><img
src="cid:part4.01060004.00000406@oplin.org" alt="USB drive" align="left"
height="90" width="110">As if you needed
something else to worry about, there seems
to be a strong possibility that USB devices
can be used in new and nasty ways to damage
computers, such as the public computers in
libraries. Security researchers Karsten Nohl
and Jakob Lell are giving a briefing
tomorrow about "BadUSB-on accessories that
turn evil" at the <a
href="https://www.blackhat.com/us-14/briefings.html">Black
Hat</a> convention in Las Vegas. Their
presentation has already received a lot of
attention because they have found a way to
reprogram the controller chip in a USB thumb
drive so it acts like a different USB
device, perhaps a keyboard or network card.
And there doesn't seem to be any easy way
(yet) to protect your computers.
</p>
<div> </div>
<ul style="text-align: left;">
<li style="text-align: justify; font-size:
16px; font-family: arial; line-height:
110%;"><a
href="http://www.wired.com/2014/07/usb-security/">Why
the security of USB is fundamentally
broken</a> (Wired | Andy Greenberg) "The
malware they created, called BadUSB, can
be installed on a USB device to completely
take over a PC, invisibly alter files
installed from the memory stick, or even
redirect the user's internet traffic.
Because BadUSB resides not in the flash
memory storage of USB devices, but in the
firmware that controls their basic
functions, the attack code can remain
hidden long after the contents of the
device's memory would appear to the
average user to be deleted."</li>
<li style="text-align: justify; font-size:
16px; font-family: arial; line-height:
110%;"><a
href="http://www.pcmag.com/article2/0,2817,2461717,00.asp">Researchers
warn about 'BadUSB' exploit</a> (PC Mag
| David Murphy) "A device could, for
example, emulate a USB-connected keyboard
and automatically send over all sorts of
keystrokes that, when combined, could lead
to issues-installing malware, wiping key
files off a drive, copying files over to
the USB device, etc. And that's just the
first example. SRLabs notes that a
USB-connected device could also pretend
that it's a network card and redirect the
traffic to and from a system through a
rogue DNS server. Or, better yet, it could
infect that system with a boot-sector
virus that could be a bit tougher to
detect and remove than your average
infection."</li>
<li style="text-align: justify; font-size:
16px; font-family: arial; line-height:
110%;"><a
href="http://www.zdnet.com/badusb-big-bad-usb-security-problems-ahead-7000032211/">BadUSB:
Big, bad USB security problems ahead</a>
(ZDNet | Steven J. Vaughan-Nichols) "The
hackers claim that 'Simply reinstalling
the operating system - the standard
response to otherwise ineradicable malware
- does not address BadUSB infections at
their root. The USB thumb drive, from
which the operating system is reinstalled,
may already be infected, as may the
hardwired webcam or other USB components
inside the computer. A BadUSB device may
even have replaced the computer's BIOS -
again by emulating a keyboard and
unlocking a hidden file on the USB thumb
drive.' In short, 'Once infected,
computers and their USB peripherals can
never be trusted again.'"</li>
<li style="text-align: justify; font-size:
16px; font-family: arial; line-height:
110%;"><a
href="http://www.tomsguide.com/us/badusb-dont-panic,news-19258.html">Don't
panic over the latest USB flaw</a>
(Tom's Guide | Marshall Honorof) "BadUSB
is a proof-of-concept attack, designed by
security researchers. They're not going to
release it into the wild[...] Furthermore,
demonstrating something like BadUSB at a
conference like Black Hat is basically an
open invitation for the security community
to fix this vulnerability before it
becomes widespread."</li>
</ul>
<div style="text-align: left;"> </div>
<p style="text-align: left; font-size: 20px;
font-family: arial; line-height: 110%;"><small><strong><em>Articles
from <a
href="http://ohioweblibrary.org">Ohio
Web Library</a>:</em></strong></small><br>
</p>
<div style="text-align: justify; font-size:
16px; font-family: arial; line-height:
110%;">
<ul>
<li><a
href="http://web.b.ebscohost.com.proxy.oplin.org/ehost/detail/detail?sid=74f41cbf-334b-4dbc-b939-c06e0948790d%40sessionmgr111&vid=0&hid=103&bdata=JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d#db=bwh&AN=201405291200PR.NEWS.USPR.SF37647">Auto,
smartphone, point-of-sale (POS) system
and airport security hacks among first
100 talks chosen for Black Hat USA
2014</a>. (<em>PR Newswire US</em>,
05/29/2014)</li>
<li><a
href="http://www.fofweb.com.proxy.oplin.org/Science/LowerFrame.asp?SID=5&iPin=UPI-1-20131230-184339-bc-germany-atmhack&rID=1&InputText=usb">Thieves
used USB sticks to infect ATMs,
withdraw large amounts of cash</a>.
(In <em>Science online</em>, United
Press International, Dec. 30, 2013)</li>
<li><a
href="http://web.a.ebscohost.com.proxy.oplin.org/ehost/detail/detail?sid=f944dd9b-f1d5-4ad4-bfdc-167a0bb52947%40sessionmgr4003&vid=0&hid=4209&bdata=JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d#db=cph&AN=88934227">Embedded
devices gird up against cyber threats</a>.
(<em>Electronic Design</em>, 6/20/2013,
p18-21 | Bill Wong)</li>
</ul>
</div>
<div style="text-align: left;"> </div>
<!-- End paste of web source here --> </td>
</tr>
<tr>
<td style="" solid="" background-color:=""
rgb(255,="" 255,="" 255);="" >=""
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickbgwide.jpg"
valign="top" width="760"><span
style="font-size: 10px; color: rgb(96, 96,
96); line-height: 100%; font-family:
verdana;">
<hr><!-- Begin standard subscription verbiage -->
<div style="text-align: justify;">The <strong><em>OPLIN
4cast</em></strong>
is a weekly compilation of
recent headlines, topics, and trends that
could impact public
libraries. You can subscribe to it in a
variety of ways, such as: <br>
</div>
<div style="text-align: left;"> </div>
<ul>
<li style="text-align: justify;"><strong>RSS
feed.</strong>
You
can receive the OPLIN 4cast
via RSS feed by subscribing to the
following URL:
<a class="moz-txt-link-freetext" href="http://www.oplin.org/4cast/index.php/?feed=rss2">http://www.oplin.org/4cast/index.php/?feed=rss2</a>.
</li>
<li style="text-align: justify;"><strong>Live
Bookmark.</strong>
If you're using the Firefox
web browser, you can go to the 4cast
website
(<a class="moz-txt-link-freetext" href="http://www.oplin.org/4cast/">http://www.oplin.org/4cast/</a>) and click
on the orange "radio wave" icon
on the right side of the address bar. In
Internet Explorer 7, click on
the same icon to view or subscribe to
the 4cast RSS feed. </li>
<li style="text-align: justify;"><strong>E-mail.</strong>
You
can have the OPLIN 4cast
delivered via e-mail (a'la OPLINlist and
OPLINtech) by subscribing to
the 4cast mailing list at
<a class="moz-txt-link-freetext" href="http://mail.oplin.org/mailman/listinfo/OPLIN4cast">http://mail.oplin.org/mailman/listinfo/OPLIN4cast</a>.
</li>
</ul>
</span> </td>
</tr>
<tr>
<td style="border-top: 0px solid rgb(255, 255,
255); background-color: rgb(255, 255, 204);"
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickfooter.jpg"
valign="top" width="760"> <br>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</small></small></div>
</body>
</html>