Comments

Now I see many contractors...

I tried search in Google, had all needed info

My kids do get a malware all the time from online games

Thanks for the informative presentation Clint.  Sorry I missed the live seminar.

Iron

Thanks again, I'm out of here.

Iron

I'm really not sure yet. I really need to see a proof of concept first before I take it too serious. If it turns out to be a real threat I will be doing more research and presenting my findings in the future.

Blogger

Do you think it is a valid attack vector, and not just someone spreading FUD?

Iron

Yeah same here. It's such a new attack vector that I admit I haven't had the time to learn much about it yet. I look forward to it though.

Blogger

I am curious about how the audio stream, even at 190kHz sampling can create an artificial wireless network signal in a GHz band. Boggles my mind.

Iron

I plan on looking more into it over the next few weeks... scheduled part of my research

Blogger

I think the most feasible would be tuning the audio bit stream to that of a wireless peripheral device or WiFi interface

Blogger

@EdB_Vt - I haven't had time to look into it that deeply or technically yet but some of the attack vectors and mechanisms could be: tuning the frequency of the audio to interact with Wifi or wireless input devices, or taking advantage of an open audio input as an interface to interact with the computer

Blogger

Thanks everyone for joining our program. See you at the presentation tomorrow.

Blogger

To use the audio attack, how would the bitstream coming out of the microphone ADC cause the sound card to command something in the main part of the PC? 

Iron

My posts are not getting thru, save for a test msg

Iron

@LeoSieben - I was on the phone. We haven't had that issue in prior days. Unfortunately, I think it might have been from Rob? :-/ (Sorry Rob not trying to throw you under the bus LOL)

Blogger

@78RPM - Yes I have been following that. It's so new that I haven't had time to put it in my presentation as a delivery mechanism. But that's what it would be. It would follow the same attack methods against the same vulnerabilities, but it's now a new attack vector and delivery mechanism. Scary stuff. Definitely keep an eye on that.

Blogger

? Do you use a clip-on microphone?  I could hear that something was physically rubbing on your microphone infrequently during your presentation.

Iron

@WherleyBird: USB could be a direct attack if the hacker delivered it themself. It would be an example of using two delivery mechanisms combined.

Blogger

Thanks, moats with alligators won't work well anymore.

Iron

Clint, an article on Design News this week is about Malware That's Transmitted by Sound. A high pitch audio is used to modulate a malicious file sent to computers with sound cards and mics.  Have you ever heard of exploits that have used this?

Gold

@pmkamqn: That's a really good question. I don't know offhand of any readings related specifically to USB policies. Some standards such as NIST SP800-53 or IEC/ISO 27001/27002 cover that stuff but really high level. There are some good recommendations in many of the security books out there, especially the ones that I recommended... but everything is so high level. Looks like a good book opportunity for someone.

Blogger

 Question from WherleyBird:

What would USB delivery be considered? Like the Stuxnet? A direct "hands-on" access?

 

 

Blogger

Another question was: "Clint, is it true that a real security guy can't be a member of LinkedIn or other social media ? What I do is give a false DoB, false hometown or other security question response etc...." 

 

I don't see why a security guy can't be a member of social media or LinkedIn. I am. I've never had any problems. Now a real SPY might not want to go down that road LOL :-)

Blogger

 

A question from pmkamqn:

Any suggested readings regarding USB policies?

 

 

 

Blogger

It was great to have the slides ahead of time to follow along and make notes.

Iron

Someone asked if a USB key would be a direct attack. It could be if the hacker delivered it themself. It would be an example of using two delivery mechanisms combined.

Blogger

Thanks Clint, Rob, Design News, & Digi-Key

Let's all tweet about slide 15.

Iron

Very good lecture today

Iron

See (ear) tomorrow, thank you.

Iron

Thanks Clint and Rob, excellent.

Iron

Thanks Clint for a good class.

Iron

Thanks, Clint and Rob.

Iron

 

I enjoyed the quick pace. Now I can breathe and look up the references given in the presentation.

Iron

Awesome series so far, Thanks Clint, Rob and Digikey.

Iron

Thank you Clint. Very good technical information on Hacking.

Iron

Thanks Clint and Digikey for a comprehensive discussion.

Iron

any suggested readings regarding USB policies?

 

Iron

Thanks a lot, great presentation.

Iron

Thank you Clint, Design News, and Digi-Key.

Gold

Thanks Clint. Great presentation.

Iron

Thanks for very good class

Iron

Thanks.  Like drinking from a fire hose

Iron

Thank you Clint, great lecture.

Iron

We're now on slide 47.

Blogger

We're now on slide 46.

Blogger

We're now on slide 45.

Blogger

We're now on slide 44.

Blogger

Sometimes I challenge unknowns - sometimes I don't

Iron

We're now on slide 43.

Blogger

We're now on slide 42.

Blogger

I am usually involved with some contractors.

Iron

We're now on slide 41.

Blogger

 

Answer to question: I don't have to deal with contractors often.

Iron

We're now on slide 39.

Blogger

We're now on slide 38.

Blogger

I am usually the contractor to install equipment into customers' plants.

Iron

We're now on slide 37.

Blogger

Answer:  Prefer not to answer.

Iron

We're now on slide 36.

Blogger

I've been a contractor and could not get noticed. Some places more lax than others.

Gold

Clint's question:

 How many of you, in your daily jobs, see contractors or people that you don't know or recognize on such a regular basis that you don't think twice about it?

Blogger

? Clint, is it true that a real security guy can't be a member of LinkedIn or other social media ? What I do is give a false DoB, false hometown or other security question response etc....

Iron

We're now on slide 35.

Blogger

We're now on slide 34.

Blogger

 

I think you need to add MauMauing to social engineering techniques. They get loud and belligerent if you don't fall for the smoother tactics

Iron

We're now on slide 33.

Blogger

We're now on slide 32.

Blogger

We're now on slide 31.

Blogger

We're now on slide 30.

Blogger

We're now on slide 29.

Blogger

We're now on slide 28.

Blogger

We're now on slide 27.

Blogger

We're now on slide 26.

Blogger

We're now on slide 25.

Blogger

 

gfi.com is site for gfi lan guard

Iron

We're now on slide 24.

Blogger

We're now on slide 23.

Blogger

We're now on slide 22.

Blogger

Answer:  I "google" myself annually.  I also "ask" myself, and "duck, duck go" myself.

Iron

Sometimes I check if any thing about me and our company.

Iron

considerable company info available

Iron

We're now on slide 21.

Blogger

Clint's question:

 How many of you have used Google to see how much information is out there about you or your company?

Blogger

Only a few times did I Google myself or company.

Iron

 

Answer to question: I have found very little about me via Google.

Iron

I have searched myself... lots of sites invite you to "correct" any bad information.  I never provide any information.

Iron

We're now on slide 19.

Blogger

I've only searched for my name on Google

Gold

We're now on slide 18.

Blogger

We're now on slide 17.

Blogger

We're now on slide 16.

Blogger

 

All of my problems were delivered by advertising on websites I visited.

Iron

We're now on slide 15.

Blogger

Back around 2000, my daughter inserted a floppy disk that had the Chernobyl virus.  On 26 April (or whatever day of the Chernobyl meltdown), it completely erased the C: (boot) drive of our home machine.  I tried to recover data, but had to start over from scratch over 2 week period.  My backup of C: was corrupted, so no joy there either!

Iron

saved by anti-virus package

Iron

We're now on slide 14.

Blogger

One time I was by  removable media

Iron

Oh now I'm thinking that would be Malware? I had been infected with Malware infection before! UGH

not that i'm aware of.

Iron

 

Answer to question: I haven't had malware delivered to me on a CD or flashdrive

Iron

Answer:  Not yet.  So far procedures have protected actual assets.

Iron

My few problems were ALL caused by this some removable media.

Iron

Removable Media = Jump Drive: Yes

Iron

Clint's question:

How many of you have been burned by malware on removable media?

Blogger

We're now on slide 13.

Blogger

What would USB delivery be considered? Like the Stuxnet? A direct "hands-on" access?

We're now on slide 12.

Blogger

We're now on slide 11.

Blogger

We're now on slide 10.

Blogger

We're now on slide 9.

Blogger

We're now on slide 6.

Blogger

My audio keeps breaking off.

Iron

We're now on slide 5.

Blogger

Hello from Columbus...

Iron

We're now on slide 4.

Blogger

Hello from Toronto, Ontario.

Iron

We're now on slide 3.

Blogger

We're now on slide 2.

Blogger

Hi all -Audio is live! If you don't see the audio bar at the top of the screen, please refresh your browser. It may take a couple tries. When you see the audio bar, hit the play button. If you experience audio interruptions and are using IE, try using FF or Chrome as your browser. Many people experience issues with IE. Also, make sure your flash player is updated with the current version. Some companies block live audio streams, so if that is the case for your company, the class will be archived on this page immediately following the class and you can listen then. People don't experience any issues with the audio for the archived version.

Greetings from Vermont

Iron

Hello from Cedar Rapids Iowa

Iron

A warmer day here in Rochester, NY

 

Iron

Hello from another cold night in Valladolid, Spain, Europe

Iron

 

hello from Mishawaka

Iron

Hello from sunny Montana.

Gold

Good morning from Albuquerque.

Iron

I keep forgetting it's afternoon EST.

Iron

Morning all you Starbucks users!

Iron

-The streaming audio player will appear on this web page when the show starts at 2 PM Eastern time today. Note however that some companies block live audio streams. If when the show starts you don't hear any audio, try refreshing your browser. If that doesn't work, try using Firefox or Google Chrome as your browser. Some users experience audio interruptions with IE. If that doesn't work, the class will be archived immediately following our live taping.

Blogger

-Be sure to click 'Today's Slide Deck' under Special Educational Materials above right to download the PowerPoint for today's session.

Blogger

-Be sure to follow @designnews and @DigiKeyCEC on Twitter for the latest class information. We encourage you to tweet about today's class using the hashtag #CEC.

Blogger

Hi from Albuquerque, NM. It's clear today, and the forecast for Christmas is sunny. My young daughter said, "It doesn't even make sense that it would be sunny on Christmas."

Blogger

-Please join our Digi-Key Continuing Education Center LinkedIn Group at http://linkd.in/yoNGeY

Blogger

Hi from Panama City, FL.

Iron

Good morning from sunny and relatively warm (42F) Mayfield Hts. Ohio..home of Rockwell Automation's Advanced Technology Lab.

Good morning from El Paso, TX

Iron

Happy Thursday.  I have downloaded the slides from the link above.

Iron

Morning from Portland Oregon

Iron


Copyright © 2014 UBM Canon, A UBM company, All rights reserved. Privacy Policy | Terms of Service