“People look at these things and see them as nothing more than storage devices,” says Caudill. “They don’t realize there’s a reprogrammable computer in their hands.”
In an earlier interview with WIRED ahead of his Black Hat talk, Berlin-based Nohl had said that he wouldn’t release the exploit code he’d developed because he considered the BadUSB vulnerability practically unpatchable. (He did, however, offer a proof-of-concept for Android devices.) To prevent USB devices’ firmware from being rewritten, their security architecture would need to be fundamentally redesigned, he argued, so that no code could be changed on the device without the unforgeable signature of the manufacturer. But he warned that even if that code-signing measure were put in place today, it could take 10 years or more to iron out the USB standard’s bugs and pull existing vulnerable devices out of circulation. “It’s unfixable for the most part,” Nohl said at the time. “But before even starting this arms race, USB sticks have to attempt security.”
Caudill says that by publishing their code, he and Wilson are hoping to start that security process. But even they hesitate to release every possible attack against USB devices. They’re working on another exploit that would invisibly inject malware into files as they are copied from a USB device to a computer. By hiding another USB-infecting function in that malware, Caudill says it would be possible to quickly spread the malicious code from any USB stick that’s connected to a PC and back to any new USB plugged into the infected computer. That two-way infection trick could potentially enable a USB-carried malware epidemic. Caudill considers that attack so dangerous that even he and Wilson are still debating whether to release it.
I find it interesting that we are so advanced with visuals, but computer voices are still way behind. So at least voice actors in Hollywood will have jobs for a while.
People on Twitter ask things like “How is Mann’s calling Curry a serial climate misinformer as bad or worse as Steyn referring to Mann’s fraudulent hockey stick?” Well the issue is the different norms of behavior between scientists and political commentators. In the climate wars, there is not a level mudslinging playing field for scientists and political commentators.
When I have criticized Mann, I have criticized his involvement in Hiding the Decline, and also his violations of the norms of what I regard as appropriate behavior by scientists. This is far different than what Mann has been doing in #1-#5 above. 5 years ago, defending Michael Mann against his attackers was regarded by many scientists as defending climate science. At this point, I am not seeing many climate scientists standing up for Michael Mann, owing to his violations of the norms, unless they are extreme partisans.
Thoughts on presidential powers from Richard Epstein.
I’ve been thinking about a long post on whether or not we’ve entered a post-Westphalia era. A lot of the confusion we’ve had over the past thirteen years has arisen from the fact that we’ve never had a formal declaration of war. If ISIS is a state (in the Westphalian sense), it is one that has certainly declared war on us, and a great deal of clarity would form if we were to reciprocate. It would end all this nonsense of treating Islamic terrorism as a criminal matter. They are no different from the Nazis, and their goals are in fact more vile and ambitious. As Netanyahu said yesterday, the Nazis believed in a master race, and they believe in a master religion.