I forgot to say, there is also a sort of race to the bottom among these meme experts. Since the meme tech expert does not have to actually be an expert on tech, the only required skill is to market yourself, as such there are countless upstarts trying to dethrone an established one. If other experts start talking about whatever latest trendy exploit and you don't, you rapidly lose cool status in the eyes of your normie audience, and they will instead go to those competitors that do talk about it. So shitty commentators who will latch on to literally every single overhyped meme, and then amplify it even more, naturally rise to the top and become prominent. And that's how we got to where we are today.
The Vulnerability Vulnerability
Joshua Mitchell
Jack Hall
You missed the point. BadUSB is not about keyboard emulation at all, and your shitty threat model considers security through obscurity. The biggest threat about BadUSB is that a malicious flash drive can pretend to be any device such as network card and sniff your network traffic if your OS is configured to accept it by default, but also it could exploit a USB driver and execute malicious code at kernel level without the need for command prompt and root password.
You come up with a bunch of boogey-strawmen and debunk them in the next sentence. "Normies", "meme". What exactly do you want to say? Stop watching Linux Foreskin Tips and read actual bug reports/descriptions. The exploits are real, people who talk about them first-hand, the real kernel/software developers usually make explanation websites with colored pictures to attract journalists and spread the word to less-inclined folks so those people would not forget to update their puters.
Not everyone is a computer technology wizard, it is impossible for every human to be well-versed in all directions, I highly doubt you'd understand what those "normies" do for their living even after a brief introductory article in a subject-related publication, like construction methods, company management or surgery. But I agree with you on some points, today technological literacy is becoming the new literacy in "ability to read, write and do arithmetic calculations", as if it already hasn't become. remember when big-corp CEOs said things like "teach you children how to program, it'll help them a lot in their life". Guess, that wasn't of a bad advice innit?
Chase Clark
You missed the point. BadUSB is not about a malicious flash drive pretending to be any device. The idea behind BadUSB is that you exploit a regular flashdrive and install custom firmware in order for it to do malicous things.
Michael Martinez
That's what it means to charge a mass-storage USB disquette with malicious firmware.
Angel Williams
You have to hype vulnerabilities as otherwise no one cares. Everyone shit themselves over heartbleed and shellshock and buried my company in emails even though we don't have a webserver on our product. Meanwhile, glibc had a resolver bug so severe that it could have led to a worm taking down the internet and there were many puckered assholes behind closed doors in networking yet no one noticed as it wasn't hyped.
Christian Johnson
But it is. It was explicitly listed as a usecase, when it came out.
No, my "shitty" threat model considers that, given the infinite combinations of input states your computer could be in and keybindings, it would be impractical or even impossible to program the macros for all possible keybindings, specially considering USB have no idea about that, and so the macro should find a common way to exploit all computers in all possible states, so a mass infection scenario is unlikely, a server infection scenario is unlikely because more often than not they run without any users sessions open, and thus would require for the attackers to already know the password, and basically, only personal desktops and laptops would be vulnerable if you are being specifically targeted.
If I recall correctly, USB network adapter imitations could only attempt to make the OS or the user download bad and potentially malicious data when connecting to the Internet. There was a proof of concept attack for that shit, which was pretty clever, but required having an open browser making unencrypted connections to a site, and then hacing your cache enabled, which you shouldn't have in any secured setup. That, and the default behaviours of Windows and OS X, that apparently are dumb enough to send user credentials to the USB in the case of OS X, I think it outright gave the USB the credentials to access the computer, whereas Windows sent the hashed password
No shit. That's far from "literally unfixable", though.
As far as vulnerabilities go, it's pretty shit, even though it was hyped to hell and back.
Grayson Moore
nobody cares about networking except sysadmins, cisco pajeets and reebsd users
Samuel Hall
USB can be used for DMA attack also. Then you don't even care about the CPU or OS, you can just directly crawl the entire memory.
Dominic Jackson
That's what it means to charge a mass-storage USB
do you know what it means to charge a usb with large amount of capacitance?
John Young
If you can't even understand basic imageboard terminology, r/technology might be more your speed. They are very welcoming to newbies as well so you can wallow in a cesspool of credulous retards to your heart's content.