Question

Take a quick look at those security measures

Nov 26, 2016 6:35PM PST

Guys, just check this security strategy, which I believe will reduce the known odds of undetected intrusion to zero.

1. Setting a strong Windows password
2. Disable all USB/CD boots, enable Secure Boot on UEFI
3. Set passwords on all your UEFI BIOS options
4. Encrypt the entire hard drive
5. Activate the DisplayLastLogonInfo option from the registry (that way every time you log in to your Windows it will show you the last time you've been logged in).
6. Every time you are logging in, check your Event Viewer and look at when your last logoff was (if you see a logon in the time period you were out, you will know someone was in)
7. Only join the network directly from the cable (do not install a router)
8. Buy a special lockable laptop bag.

Rubber Duckies and other types of Bad USBs will still be detected by Windows as logins, right? So I will know if someone used anything like that. With all those protective measures, is there any possible way that someone can install something on my laptop without leaving any trace? (When we exclude the 5 dollar wrench.)
What do you think?
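
The Event Viewer check described in the post above can be scripted. The following PowerShell is an added example, not part of the original post; the function name `Get-LogonsDuringAbsence`, its parameters and the sample time window are made up for illustration. It needs an elevated prompt and only reports what Windows recorded, so, as a reply further down points out, a device that never logs in will not show up here.

```powershell
# Added example: list console/remote logons recorded while the laptop was unattended,
# plus any clearing of the Security log in the same window.
function Get-LogonsDuringAbsence {
    param(
        [Parameter(Mandatory)] [datetime] $Left,      # when you locked up and left
        [Parameter(Mandatory)] [datetime] $Returned   # when you came back
    )
    # Logon types of interest for physical or remote-desktop use:
    # 2 = interactive, 7 = unlock, 10 = remote interactive, 11 = cached interactive
    $watchTypes = '2', '7', '10', '11'

    # 4624 = successful logon, 1102 = audit log cleared
    $filter = @{ LogName = 'Security'; Id = 4624, 1102; StartTime = $Left; EndTime = $Returned }
    try {
        $events = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop
    } catch {
        # "Nothing matched" is a normal result; anything else (e.g. access denied)
        # must not be mistaken for a clean log, so it is re-thrown.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }

    foreach ($e in $events) {
        if ($e.Id -eq 1102) {
            [pscustomobject]@{ Time = $e.TimeCreated; Event = 'Security log cleared'; User = ''; LogonType = '' }
            continue
        }
        # Turn the event's <Data Name="..."> fields into a lookup table.
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($watchTypes -contains $data['LogonType']) {
            [pscustomobject]@{
                Time      = $e.TimeCreated
                Event     = 'Logon'
                User      = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
                LogonType = $data['LogonType']
            }
        }
    }
}

# Constructed sample window: away from 09:00 to 18:30 on the day of the post.
Get-LogonsDuringAbsence -Left '2016-11-26 09:00' -Returned '2016-11-26 18:30' |
    Sort-Object Time | Format-Table -AutoSize
```

An empty result means no matching logon was recorded in that window, not that nothing happened to the machine.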

Answer
Even if..
Nov 26, 2016 6:40PM PST

Even if he removes the hard drive and plugs it into another identical laptop, will he be able to do anything with all those defences - and most importantly, remain UNDETECTED?

Answer
Nice and will stop almost everyone.
Nov 27, 2016 9:07AM PST

"Rubber Duckies and other types of Bad USB's will still be detected by the windows as logins,"

The example I gave in a prior discussion didn't log in, so nope.

At this point I get the feeling you want AIR TIGHT SECURITY. As proven over and over the only way is to power off and physically secure the device, but what use is it then?

If you do maintain security and physical security, then it's pretty locked down except for the internet angles.

Can you share what caused all this grief?

I now know most of the flaws (at least the known ones)..
Nov 27, 2016 11:27AM PST

I still have a very hard time catching up with the Ducky. I read all I can find about it, I watched the video and links you gave me, but the only thing I understand is that it mimics a keyboard and is able to mimic keystrokes. The information is confusing for someone who is making his first steps on this ground. But how exactly will it bypass the Windows lock screen? Will it brute force it, or extract the login password itself? Can it extract Facebook/email passwords if I don't save them on Windows? Even if it does steal the login passwords, he would still need to log in to do something. Or is it that the Ducky itself can execute/install spyware or something like that without logging in?

As for what's with the worries, it's the fact I have no idea how those things work. Being out of control (knowing someone could have installed something) is troubling me, and the only way I can relax a bit is to know the possibilities. It's good that people here give explanations exactly as things are, not covering information for the common user, and even if the odds are little, someone somewhere will get screwed because he never knew that a Rubber Ducky (for example) could have done this and that and so on.

How a keyboard can bypass the login?
Nov 27, 2016 11:57AM PST

When the USB device is enumerated the driver may be installed and that provides an exploit path.

I have to be honest here that I can't hold classes on the Rubber Ducky. There are forums and sites on that. You brought up the questions so I turned to what I use today for forensics and more. The PC was never made to be a secure computing platform.

Knowing that it works should suffice here. If you need to get into deeper details, time to ask in Rubber Ducky forums?

Anyhow I'm just a seasoned embedded electronics designer that learned a bit too much over the years about the PC, programming and such. I have a hard time trying to condense how it works into such a small text box so I no longer do that.

Instead I'll note devices I own and use (yes, I have a Rubber Ducky, I think it's been the best thing to show staffers that their ideas on security often have big holes).

-> On non-PCs over the years I found other issues with physical access. A SUN computer would bomb out if you unplugged/plugged in the keyboard a few times. A few times it landed me in a root capable shell. That was an amazing find. The stories go on but the lessons are best summed up as:

1. Maintain physical and other security.
2. Nothing is totally secure.

I will buy a small safe for the physical part.
Nov 27, 2016 12:15PM PST

True, the help you provided so far was more than enough. I may still do more detailed research about the Rubber Ducky itself, but the simple fact that so many people here in my region who are supposed to be advanced have no idea what it is gives me hope that no one used it on my laptop.
Here is what came to my mind, and this is purely out of curiosity: does malware like keyloggers, adware and so on have an expiration date? If it remains undetected by the user, won't it eventually stop working, after Windows updates and so on? It would probably need some type of updating just like any other program does? What do you think?

When it comes to malware.
Nov 27, 2016 12:24PM PST

Some expire, some kick right in and others bide their time, sleeping till a certain date.

For example if you wanted to mount a denial of service attack you would try embedding it slyly in some app but not raise any alarms. Then on the day of your choosing command your army to attack.

As to updating, the story I've read on most trojans/malware is they have pretty short lifespans since once they are discovered, the afflicted OS may get an update. Apple has squashed many an OS bug with an update.

Roger that!
Nov 27, 2016 12:38PM PST

Okay, I will be around with more interesting questions. Good night for now!

Answer
Passwords, passwords everywhere
Nov 28, 2016 3:18PM PST

So you think you have all the angles covered. Care for a real headache?

http://lasecwww.epfl.ch/keyboard/

Warning: Once you start, the digging never stops in the bottomless pit.

Damn..
Nov 28, 2016 8:03PM PST

Horrible. Then I am back on my old plan to buy one of those laptop-like tablets like the Yoga Book and only type my passwords on the touchscreen; I bet they have no way of intercepting that. The tablet is just around 500g so it should be easy to carry around in a hostile environment.

I did warn you ...
Nov 29, 2016 10:34AM PST

Something similar once happened..
Nov 29, 2016 2:28PM PST

A friend of mine a few years ago planted a tiny, not that expensive camera right on top of the desk where his roommate girlfriend used to leave her laptop; he captured her login password and other things. Ever since I learned that story I always check my surroundings for cameras and whatever. I never type passwords in places where there are cameras or windows nearby.