I took part in the L0pht Reunion Panel at the Source Boston conference in Cambridge, MA last Friday. It was a lot of fun to get back together with the "band" and pontificate with no holds barred about the latest security threats, just like we did in the old days.
The Associated Press writes:
Recent cases reviewed by The Associated Press include some of the most widely used tech devices: Apple iPods, digital picture frames sold by Target and Best Buy stores and TomTom navigation gear.
In most cases, Chinese factories — where many companies have turned to keep prices low — are the source.
We all know malware is starting to fly under the radar of black list style detection. Low volume malware is flooding the AV labs' capability to build detection for it. The digital picture frame sold at Sam's club was infected with previously unknown malware that stole passwords and turned off AV software.
An additional threat that has been reported is devices have been found infecting the flash memory cards that are often inserted to upload photos. From SANS:
“Recently I found a virus on it called Troj_Agent.SAO, which is what Trend Micro named it.Anytime you plug a removable device into it, it would create two files Autorun.inf and autorun.exe.The exe would place itself in the recyclerrecycler folder and the .inf would place itself on the root of the removable drive as a hidden file.At first I thought this virus came in on one of our employee’s pen drive but after further investigation I discovered that the files that the virus uses were created on the kiosk the day it was shipped out to us.Also our vendor is using this kiosk in some of their stores at the moment and there have been reports that the kiosks have given their customers a virus. “
We are back to the days of the floppy or "sneaker net" attack vector. Do you know who has touched your SD card or USB drive? Don't use it in public. Don't share it with multiple machines. Dan Geer told me he once tossed a USB drive into an audience with the slides for a presentation he just delivered on it. About 10 people passed it around and copied off the slides. It came back with a virus on it. And this was at a security conference.