I'm really not sure yet. I really need to see a proof of concept first before I take it too serious. If it turns out to be a real threat I will be doing more research and presenting my findings in the future.
@EdB_Vt - I haven't had time to look into it that deeply or technically yet but some of the attack vectors and mechanisms could be: tuning the frequency of the audio to interact with Wifi or wireless input devices, or taking advantage of an open audio input as an interface to interact with the computer
@78RPM - Yes I have been following that. It's so new that I haven't had time to put it in my presentation as a delivery mechanism. But that's what it would be. It would follow the same attack methods against the same vulnerabilities, but it's now a new attack vector and delivery mechanism. Scary stuff. Definitely keep an eye on that.
Clint, an article on Design News this week is about Malware That's Transmitted by Sound. A high pitch audio is used to modulate a malicious file sent to computers with sound cards and mics. Have you ever heard of exploits that have used this?
@pmkamqn: That's a really good qustion. I don't know off and of any readings related specifically to USB policies. Some standards such as NIST SP800-53 or IEC/ISO 27001/27002 cover that stuff but really high level. There are some good recommendations in many of the security books out there, espcially the ones that I recommended... but everything is so high level. Looks like a good book opportunity for someone.
Another question was: "Clint, is it true that a real security guy can't be a member of LinkedIn or other social media ? What I do is give a false DoB, false hometown or other security question response etc...."
I don't see why a security guy can't be a member of social media or LinkedIn. I am. I've never had any problems. Now a real SPY might not want to go down that road LOL :-)
Back around 2000, my daughter inserted a floppy disk that had the Chernobyl virus. On 26 April (or whatever day of the Chernobyl meltdown), it completely erased the C: (boot) drive of our home machine. I tried to recover data, but had to start over from scratch over 2 week period. My backup of C: was corrupted, so no joy there either!
Hi all -Audio is live! If you don't see the audio bar at the top of the screen, please refresh your browser. It may take a couple tries. When you see the audio bar, hit the play button. If you experience audio interruptions and are using IE, try using FF or Chrome as your browser. Many people experience issues with IE. Also, make sure your flash player is updated with the current version. Some companies block live audio streams, so if that is the case for your company, the class will be archived on this page immediately following the class and you can listen then. People don't experience any issues with the audio for the archived version.
-The streaming audio player will appear on this web page when the show starts at 2 PM Eastern time today. Note however that some companies block live audio streams. If when the show starts you don't hear any audio, try refreshing your browser. If that doesn't work, try using Firefox or Google Chrome as your browser. Some users experience audio interruptions with IE. If that doesn't work, the class will be archived immediately following our live taping.
Focus on Fundamentals consists of 45-minute on-line classes that cover a host of technologies. You learn without leaving the comfort of your desk. All classes are taught by subject-matter experts and all are archived. So if you can't attend live, attend at your convenience.