Link

Meet USBee, the malware that uses USB drives to covertly jump airgaps

Meet USBee, the malware that uses USB drives to covertly jump airgaps:

The software works on just about any storage device that’s compliant with the USB 2.0 specification. Some USB devices such as certain types of cameras that don’t receive a stream of bits from the infected computer, aren’t suitable. USBee transmits data at about 80 bytes per second, fast enough to pilfer a 4096-bit decryption key in less than 10 seconds. USBee offers ranges of about nine feet when data is beamed over a small thumb drive to as much as 26 feet when the USB device has a short cable, which acts as an antenna that extends the signal. USBee transmits data through electromagnetic signals, which are read by a GNU-radio-powered receiver and demodulator. As a result, an already-compromised computer can leak sensitive data even when it has no Internet or network connectivity, no speakers, and when both Wi-Fi and Bluetooth have been disabled. The following video demonstrates USBee in the lab:

While this is still of limited value because you need to infect the airgapped computer in the first place, it’ll only take a while until this exfiltration method is weaponized. Airgaps have long been seen as a key way of keeping highly sensitive data secure but researchers working inside and outside of government keep revealing all the ways in which data can be quietly extracted from such systems. Their successes should give pause to anyone who is concerned about computer security, generally, to say nothing of those interested in the security of government and corporate systems.

Link

Researcher reveals how “Computer Geeks” replaced “Computer Girls” | The Clayman Institute for Gender Research

electronicdreams:

The earliest computer programmers were women and the programming field was once stereotyped as female

One of the best books I’ve read about the transition from computing as a female- to male-dominanted area of work is Ensmenger’s The Computer Boys Take Over: Computers, Programmers, and the Politics of Technical Expertise.

It’s a remarkable book that details – with precision – how labour changes combined with new understandings of what ‘goes into’ computer work led to the defeminization of not just the people working on computers but the very tropes and language associated with the same kind(s) of work. Highly, highly recommended.

Link

Notes EM: Disorder as resistance

evgenymorozov:

I found this in the Letters section of the latest issue of The Times Literary Supplement (dated March 15, 2013). It doesn’t seem to be online:

Binder families

Sir, – In David Winters’s review of The Demon of Writing by Ben Kafka he mentions a clerk who saved the actors of the Comédie-Française during the Terror, by soaking their death warrants in a tub and throwing the balls of pulp out of the window (February 15). In the 1960s I worked as a welfare case worker, along with several hundred others, in a vast office in downtown Chicago. Each of the families of my 300 clients existed, bureaucratically speaking, as a large binder filled with forms and written notes. When the families had been on welfare for several generations, the binders were equivalent to two or three large telephone books.

Overwhelmed with an avalanche of forms, telephone calls, clients waiting for hours downstairs to see me, home visits to the high-rise housing projects in which they lived, I was taught by the veteran case workers to simply go into the huge library where the binders were stored, alphabetically on endless shelves, and “accidentally” file binders out of place. Then I could innocently plead that I was unable to take any action on the case because I could not find the binder. Without the binder nothing in the status of the clients could change, their cheques would continue to arrive, and I could “miraculously” locate their binder if I needed to. Sadly, we were on the verge of the computer age, the information was beginning to appear on IBM punch cards, and the binders were soon to become obsolete, signalling the beginning of a far more ruthless era in which no clerk could make inconvenient facts disappear.

MICHAEL LIPSEY 75 San Marino Drive, San Rafael, California 94901.

This speaks volumes to the humanity that “inefficient” bureaucratic organization can enable. Further, it foregrounds how contemporary drives towards efficiency and order can obviate some historical means of bureaucratic resistance, resistance that was significant for maintaining and improving people’s daily lives.

Don’t Risk Model for Aged, Wealthy, Americans

Data security and communicative privacy matters. The boons of the contemporary computer era has led to people across the world using common services for security, for data processing, and for communications generally despite users’ radically different risk profiles. Few users are savvy enough to engage in code-level audits, fewer to ascertain the validity of improperly issued security certificates, and likely even fewer to guarantee that programs’ and operating systems’ updates are from the actual developers. These are problems – important problems – that need to be directly addressed by developers.

It’s always been morally wrong to be cavalier about your software’s security profile, and to just discount the potential vulnerabilities or bugs linked to your tools. Things aren’t getting better, however, on account of state actors becoming more and more sophisticated in how they target and monitor their citizens’ and residents’ communications. Consequently, the blasé attitude towards security that has (largely) focused on successful engineering over successful security in depth is a larger and larger problem. This attitude, especially when it comes to anti-circumvention and encryption software, is leading to individual users ending up seriously hurt, imprisoned, or dead.

Security is important. Speech is important. And ensuring that secure, private, speech is possible is an increasingly critical issue for parties throughout the world. Developers and companies and individuals ought to take the severity of the consequences of their actions to heart, or risk having very real blood on their hands.

Quote

In one inquiry it was found that a successful team of computer specialists included an ex-farmer, a former tabulating machine operator, an ex-key punch operator, a girl who had done secretarial work, a musician and a graduate in mathematics. That last was considered the least competent.

* Hans Albert Rhee, Office Automation in a Social Perspective, 1968
Quote

… there is never a single, ideal type towards which any given technology will inevitably evolve. Specific technologies are developed to solve specific problems, for specific users, in specific times and places. How certain problems get defined as being more in need of a solution, which users are considered more important to design for, what other technological systems need to be provided or accounted for, who has the power to set certain technical and economic priorities–these are fundamentally social considerations that deeply influence the process of technological development.

Nathan Ensmenger; The Computer Boys Take Over: Computers, Programmers, and the Politics of Technical Expertise