Escapist Podcast - Science and Tech: 023: The USBpocalypse is upon Us! Also, Windows 10


In this episode of The Escapist's Science and Tech podcast, host CJ Miozzi and Escapist writers talk about a dangerous new USB malware that has been revealed to the public called BadUSB, and a dangerous new PC malware that has been revealed to the public called Windows 10.


OK. You're ignorant. And that's your show format. Fine. But things really don't work the way you imagine.

When someone discovers a "zero day" hack, no one knows. The NSA does not track that person down and offer them money, because the NSA has no idea that person has that information. They have no idea that information even exists. The NSA isn't magic.

The person who first discovers the issue, like this USB issue, has the option of contacting various agencies and selling the information to them. They can try to sell it to multiple agencies. They can contact the manufacturer. They can publish the information. They can try to do all of these things. Of course, after you sell a secret to an agency for a lot of money, it's not a wise move to devalue that secret.

The second person to discover the issue, if it's been kept secret, has all the same options. An agency could pay for the information twice instead of saying, "We already know that", because keeping it secret is still valuable to them.

Saying, "use G-mail" is another way of saying, "I don't actually work with a lot of data, like hours of video or photos in raw format."

If the headsets you are wearing are USB, then those are also devices that could be "infected".

Calling any version of Windows "malware" is immature. Which only matters if you ever intend to be taken seriously about anything, which it seems you don't.

Your video stream is still configured so that when CJ talks, the video switches to not-CJ, generally Marla. Which seems somewhere between pandering and technical ineptitude.

JustMakingAComment:
Calling any version of Windows "malware" is immature.

I do agree with this sentiment, I haven't listened to the podcast yet and I probably will Sunday when travelling for Thanksgiving, but if the podcast is going to be anything like the blurb describing it I probably won't listen to the full thing.

It's a personal pet peeve of mine, but I hate when people use inaccurate words to describe something when it really isn't that way. Windows 10 Technical Preview is a beta piece of software and we don't know what it's going to be like. Your headline proclaims that the final version of the software is going to be Malware and by definition Malware is "a piece of software that is designed to damage or disable a computer". Aside from being at times frustrating to use, Windows hasn't damaged any of my computers or disabled my use of one since Windows 95 would BSoD regularly.

If you really want to label an Operating System as Malware, I highly suggest you look at Apple and their line of products with people complaining that the latest update of iOS 8 bricked phones to the point they actually pulled the update. Of course there is also the widely spread myth about "Apple computers unable to be infected by a computer virus" too and I have heard Apple employees even saying that to customers.

JustMakingAComment:
OK. You're ignorant. And that's your show format. Fine. But things really don't work the way you imagine.

When someone discovers a "zero day" hack, no one knows. The NSA does not track that person down and offer them money, because the NSA has no idea that person has that information. They have no idea that information even exists. The NSA isn't magic.

The person who first discovers the issue, like this USB issue, has the option of contacting various agencies and selling the information to them. They can try to sell it to multiple agencies. They can contact the manufacturer. They can publish the information. They can try to do all of these things. Of course, after you sell a secret to an agency for a lot of money, it's not a wise move to devalue that secret.

The second person to discover the issue, if it's been kept secret, has all the same options. An agency could pay for the information twice instead of saying, "We already know that", because keeping it secret is still valuable to them.

Saying, "use G-mail" is another way of saying, "I don't actually work with a lot of data, like hours of video or photos in raw format."

If the headsets you are wearing are USB, then those are also devices that could be "infected".

Calling any version of Windows "malware" is immature. Which only matters if you ever intend to be taken seriously about anything, which it seems you don't.

Your video stream is still configured so that when CJ talks, the video switches to not-CJ, generally Marla. Which seems somewhere between pandering and technical ineptitude.

Thank you for the insight and feedback. The Gmail and malware comments were said in jest; I'm sorry that you don't appreciate our humor/sarcasm/puns.

We use Google Hangouts for video conferencing, and as the recorder, my options are to either have the window always focused on me (as it is during the opening), or switch to the person who is talking, unless that person is me. (Constantly clicking to change the camera focus every time I do and do not talk is not a feasible solution, as that makes the Hangout UI clutter up the screen). If you know of some way to otherwise configure the Hangout so that the video switches to me, or if you know of other, better solutions, I'd be happy to look into them.

Sanunes:

JustMakingAComment:
Calling any version of Windows "malware" is immature.

I do agree with this sentiment, I haven't listened to the podcast yet and I probably will Sunday when travelling for Thanksgiving, but if the podcast is going to be anything like the blurb describing it I probably won't listen to the full thing.

It's a personal pet peeve of mine, but I hate when people use inaccurate words to describe something when it really isn't that way. Windows 10 Technical Preview is a beta piece of software and we don't know what it's going to be like. Your headline proclaims that the final version of the software is going to be Malware and by definition Malware is "a piece of software that is designed to damage or disable a computer". Aside from being at times frustrating to use, Windows hasn't damaged any of my computers or disabled my use of one since Windows 95 would BSoD regularly.

If you really want to label an Operating System as Malware, I highly suggest you look at Apple and their line of products with people complaining that the latest update of iOS 8 bricked phones to the point they actually pulled the update. Of course there is also the widely spread myth about "Apple computers unable to be infected by a computer virus" too and I have heard Apple employees even saying that to customers.

We don't discuss Windows 10 as though it is malware - I just had a little fun with parallel sentence structure in the blurb, referencing the one-off joke I made in the podcast in which I segued from the USB Malware topic into the Windows 10 topic. I figured it would be obvious enough that I was joking and that we don't actually consider Windows 10 to be malware - I suppose I was mistaken.

We discuss, within the context of what little we know about it so far, its potential merits, its known features (multiple desktops, copy-pasting into the command prompt), the possibility of it being a free upgrade from Win 8, and ponder why it wasn't named Windows 9.

Rhykker:

We don't discuss Windows 10 as though it is malware - I just had a little fun with parallel sentence structure in the blurb, referencing the one-off joke I made in the podcast in which I segued from the USB Malware topic into the Windows 10 topic. I figured it would be obvious enough that I was joking and that we don't actually consider Windows 10 to be malware - I suppose I was mistaken.

We discuss, within the context of what little we know about it so far, its potential merits, its known features (multiple desktops, copy-pasting into the command prompt), the possibility of it being a free upgrade from Win 8, and ponder why it wasn't named Windows 9.

Fair enough, thank you for the insight.

>.>;;; I don't know what everyone else is so mad about, after reading the news this week about all the key-logging and what not rolled into the new windows beta, I thought that joke was quite funny. I mean we're talking about software on a quite frankly delightful podcast not a senate hearing. Let's not get too carried away here guys.

Anyway, I only made it half way through, and I'll likely listen to the rest tonight, but I love the podcast! Thanks again!

Rhykker:

Thank you for the insight and feedback. The Gmail and malware comments were said in jest; I'm sorry that you don't appreciate our humor/sarcasm/puns.

There is a difference between "humor" and "bias". You have shown a long-lasting tendency to denigrate Microsoft products, such as Hotmail and Windows, without any similar mocking of Apple, Google or other companies in that space. It makes you sound like one-note Microsoft-haters. It's just your viewpoint. You're entitled to it. And you'll win friends amongst the Apple & Google advocates, but people who are realistic about the strengths and weaknesses of large, diverse corporations that make numerous products are probably going to find your simplistic approach off-putting.

Also, you should be sufficiently media-savvy to appreciate that the blurb for your podcast is something people will read before they listen to the podcast and they may not listen to it at all if the blurb makes it sound like you're just going to be bashing something. If you want to just appeal to people who already listen to your show and like it, then that's your option -- but you're more likely to expand your audience and bring more people into the extended conversation you create by being more honest about the content of the podcast. Tell people what you talked about, and don't be gratuitously offensive or provocative.

Rhykker:

We use Google Hangouts for video conferencing, and as the recorder, my options are to either have the window always focused on me (as it is during the opening), or switch to the person who is talking, unless that person is me. (Constantly clicking to change the camera focus every time I do and do not talk is not a feasible solution, as that makes the Hangout UI clutter up the screen). If you know of some way to otherwise configure the Hangout so that the video switches to me, or if you know of other, better solutions, I'd be happy to look into them.

You could use a separate account to be the "Recorder", so that all of you are equal participants. You could use an "On Air" hangout and let it be recorded for you by Google. You could use something other than Hangouts.

You are a group of professionals producing a product. You could have each person record their video locally, send it to a server and edit it together manually, using split-screen for rapid two-way interactions or simple transitions to show the current speaker. That would take effort -- I do some editing work for a podcast, so I know it's not trivial. But producing something of quality is expected to take effort.

Kameburger:
I don't know what everyone else is so mad about, after reading the news this week about all the key-logging and what not rolled into the new windows beta, I thought that joke was quite funny. I mean we're talking about software on a quite frankly delightful podcast not a senate hearing. Let's not get too carried away here guys.

K, no one is mad. It's possible to make objections to another person's statements or modes of presentation without being mad. It's possible to have opinions without being angry. And it's possible to write a comment on a site about a podcast without being "carried away". It's possible to be serious.

I listen to all the Escapist's podcasts. And what I have found over the recent months is that this is the only one that does not even take its own subject matter seriously. The other discussions take their subjects seriously, sometimes talking about the ethical issues and the portrayal of women or minorities in games or movies; sometimes talking about the quality of game-play and how table-top gaming deals with the temperaments of the humans involved. But when it comes to science and technology -- subjects generally already considered serious -- they are treated like a joke.

Of all the science and technology in the world to discuss, you really decided to spend time talking about why a company decided to call their product "10" and not "9"?

JustMakingAComment:

Rhykker:

Thank you for the insight and feedback. The Gmail and malware comments were said in jest; I'm sorry that you don't appreciate our humor/sarcasm/puns.

There is a difference between "humor" and "bias". You have shown a long-lasting tendency to denigrate Microsoft products, such as Hotmail and Windows, without any similar mocking of Apple, Google or other companies in that space. It makes you sound like one-note Microsoft-haters. It's just your viewpoint. You're entitled to it. And you'll win friends amongst the Apple & Google advocates, but people who are realistic about the strengths and weaknesses of large, diverse corporations that make numerous products are probably going to find your simplistic approach off-putting.

Also, you should be sufficiently media-savvy to appreciate that the blurb for your podcast is something people will read before they listen to the podcast and they may not listen to it at all if the blurb makes it sound like you're just going to be bashing something. If you want to just appeal to people who already listen to your show and like it, then that's your option -- but you're more likely to expand your audience and bring more people into the extended conversation you create by being more honest about the content of the podcast. Tell people what you talked about, and don't be gratuitously offensive or provocative.

Rhykker:

We use Google Hangouts for video conferencing, and as the recorder, my options are to either have the window always focused on me (as it is during the opening), or switch to the person who is talking, unless that person is me. (Constantly clicking to change the camera focus every time I do and do not talk is not a feasible solution, as that makes the Hangout UI clutter up the screen). If you know of some way to otherwise configure the Hangout so that the video switches to me, or if you know of other, better solutions, I'd be happy to look into them.

You could use a separate account to be the "Recorder", so that all of you are equal participants. You could use an "On Air" hangout and let it be recorded for you by Google. You could use something other than Hangouts.

You are a group of professionals producing a product. You could have each person record their video locally, send it to a server and edit it together manually, using split-screen for rapid two-way interactions or simple transitions to show the current speaker. That would take effort -- I do some editing work for a podcast, so I know it's not trivial. But producing something of quality is expected to take effort.

Kameburger:
I don't know what everyone else is so mad about, after reading the news this week about all the key-logging and what not rolled into the new windows beta, I thought that joke was quite funny. I mean we're talking about software on a quite frankly delightful podcast not a senate hearing. Let's not get too carried away here guys.

K, no one is mad. It's possible to make objections to another person's statements or modes of presentation without being mad. It's possible to have opinions without being angry. And it's possible to write a comment on a site about a podcast without being "carried away". It's possible to be serious.

I listen to all the Escapist's podcasts. And what I have found over the recent months is that this is the only one that does not even take its own subject matter seriously. The other discussions take their subjects seriously, sometimes talking about the ethical issues and the portrayal of women or minorities in games or movies; sometimes talking about the quality of game-play and how table-top gaming deals with the temperaments of the humans involved. But when it comes to science and technology -- subjects generally already considered serious -- they are treated like a joke.

Of all the science and technology in the world to discuss, you really decided to spend time talking about why a company decided to call their product "10" and not "9"?

While I would agree that we poke a lot of fun at Microsoft, that is simply because Microsoft has been in the headlines more often than Google or Apple. In fact, when those other companies have made headlines, we have taken shots at them as well. We spent a fair amount of time last podcast discussing the bending of the iPhone 6 - I even explained, without humor, that I am not an Apple user nor part of Apple's target demo. We poked fun at Apple in one of our early podcasts, referencing their old, "It just works!" commercials. We've criticized "new Google" for constantly changing YouTube. We've questioned Google's self-driving car idea.

During a time when Microsoft is the company making headlines... it's expected that our focus will shift there. Hitherto, the focus of these podcasts has been on bringing up recent headlines in the world of science & technology - headlines that we believe are interesting to our readers/listeners, headlines that have sparked discussion.

We're actually looking to change the format of the show somewhat, but given science & technology can be such a heavy subject, we try to keep things light and entertaining. My background is in geology and planetary science - I can explain, in excruciating detail, my research on the search for extant 36Cl in the early solar system within nucleosynthetic anomalies in chondrites, which could serve as chemical fingerprints for the source of these short-lived radionuclides in the proto-solar disk - something, we posited, may be an asymptotic giant branch star. I can talk about the beta decay processes through which 36Cl becomes 36Ar and 36S, and how we analyzed carbonaceous chondrites in search of the sulfur isotopic anomalies within halite and sylvite inclusions. But I understand that most people don't want that level of depth, and I do one day plan to have a very basic discussion of my research. Because "science" and "technology" cover such wide swaths of knowledge and education, I try to ensure that whatever we discuss is accessible and understandable to anyone who has completed high school.

You make a fair point about the blurb - I was trying something different.

Thank you for your technical suggestions - these are all things we have considered initially, but we will revisit their feasibility now. The current format is the best product we can produce within our limitations, but I will look into whether the options out there for us have changed.

JustMakingAComment:

I listen to all the Escapist's podcasts. And what I have found over the recent months is that this is the only one that does not even take its own subject matter seriously. The other discussions take their subjects seriously, sometimes talking about the ethical issues and the portrayal of women or minorities in games or movies; sometimes talking about the quality of game-play and how table-top gaming deals with the temperaments of the humans involved. But when it comes to science and technology -- subjects generally already considered serious -- they are treated like a joke.

I haven't listened to a lot of Escapist's podcasts recently, but this one sounded interesting. I was rather disappointed that such a serious topic gets the silly joke treatment and also seemed badly researched. Also felt a bit sensational, which I really dislike in journalism.

The people who first publicly demonstrated this exploit are NOT the same as the ones who released their findings on the how-to.
(Since the controversy of releasing such code is discussed later, throwing in the wrong names and facts seems like bad journalism.)

Nohl and Lell, researchers for the security consultancy SR Labs, were the first to demonstrate the exploit during the Black Hat conference in 2014 in Las Vegas.
http://www.wired.com/2014/07/usb-security/

Wilson and Caudill, working for another company unrelated to SR Labs, released their findings on GitHub.
https://adamcaudill.com/2014/10/02/making-badusb-work-for-you-derbycon/

Nohl is also mentioned as a person releasing code (around 16min 40s); according to the SR Labs website this is untrue.
https://srlabs.de/badusb/

Everything that is being talked about are theories, but the way it's presented in the podcast makes it sound like it's already happening everywhere. No actual malicious code was released to the public.
https://adamcaudill.com/2014/10/03/on-the-ethics-of-badusb/

Heck, the Escapist article on this is even mentioned later on, which does point out the two parties involved in demonstrating and releasing the exploit...

Maybe I just came here expecting something different, as I said before, I haven't listened to a lot of podcasts recently.

 
