Jump to content

Thumb Drive Attached To A Tb


starcrwzr

Recommended Posts

I'm getting ready to release my first Travel Bug and had the idea of attaching it to a 128kb thumb-drive. I'd put a little about myself, and the bug, on a text file and maybe add a photo, on the drive and ask that anyone that gets the bug, to put something about themselves as well. Have you heard of anyone doing this before and what do you think of the idea?

 

Starcrwzr

Link to comment

Now days malware comes from web sites. I have not even seen an email virus in a long time. It would not bother me at all to put your thumb drive in my PC. Even if it had a virus how would you get it? I would not run any executable files on it but viewing pictures and text documents is benign. Of course always keep up on your patches and antivirus updates.

 

You probably have a greater risk of getting an infection from clicking on a link someone has posted in this forum than from a thumb drive.

Link to comment

It is possible to embed malware in a .JPG, but the patch to Windows preventing this has been out for more than a year, so if you keep your hotfixes up to date you're safe. Any file created with the Office suite can contain a macro virus, but Office has been configured to prompt before running macros for years. It is possible to autorun a program a program on removeable media, and Java and Active X scripts can run in the background where you aren't even aware they're running.

 

Reasonable measures will prevent all the above. I have autorun disabled from all media, so I wouldn't hesitate to put this bug in my computer, but I would do a thorough scan of the drive before opening anything on it.

 

I think it's a cool idea, and I'd definitely add a photo to it if it passes near here.

Edited by CheshireFrog
Link to comment

I like the idea and I wouldn't be worried about putting it into my computer. As Briansnat said, it's no big deal to scan it with AV software and the chances of getting anything without running an exe file anyway are slim to none. Normal web surfing potentially exposes you to much more spyware junk anyway. And, no I have never heard of getting spyware stuff from a JPEG file.

 

Go for it. If someone is afraid to put the thing in their computer, they can leave it in the cache or just move it along without looking at the thumb drive.

 

RM

Link to comment

I kinda like the idea of a TB with this thumbdrive and as for the trepidation shown by some of the earlier posts about attaching this to their own system, well...you need to have a certain amount of trust in your fellow man balanced with some common sense.

 

I'd either scan it with an AV program if I were to use my own system or open the thing up on a public library computer.

Link to comment

Now days malware comes from web sites. I have not even seen an email virus in a long time. It would not bother me at all to put your thumb drive in my PC. Even if it had a virus how would you get it? I would not run any executable files on it but viewing pictures and text documents is benign. Of course always keep up on your patches and antivirus updates.

 

You probably have a greater risk of getting an infection from clicking on a link someone has posted in this forum than from a thumb drive.

or just surfing the web as is. It takes a malware designer 5 minutes and 5 bucks to register a domain name and put up a piece of malware. Also if it is on a disk, it most likely is a virus that is going to have trouble spreading anywhere and if you do indeed get a virus from it, well you are doing a service to the geocaching community. Let us think as a malware writer, "i want to write a piece of malware" my two possible reason for doing this would be 1)to make money by selling user info (if it is on a thumb drive, we aren’t even sure it can even access the internet) and so collecting that info is going to be harder, we don’t even know the computer has an internet infection. And the number of people who are using the program is so small there is know way you would make that much money. 2) I want to be famous. Now why would i ever want to infect one computer on at a time and by the time you got one computer that user would take it out of circulation. Infecting one computer at a time is like write a virus that attacks Macs (2% of the internet community (I don’t mean that to offend anyone)). if you want to be famous or make money there are other ways.

 

Just thought I would share. I would say go ahead, sounds like a great idea! :lol: Besides if you do bpt a virus on there your ip was logged :wub:

Link to comment

I'm getting ready to release my first Travel Bug and had the idea of attaching it to a 128kb thumb-drive. I'd put a little about myself, and the bug, on a text file and maybe add a photo, on the drive and ask that anyone that gets the bug, to put something about themselves as well. Have you heard of anyone doing this before and what do you think of the idea?

 

Starcrwzr

 

Maybe a low-tech solution might work better, such as an a small 3.5" notebook or a bound collection of index cards would work just as well? That way people can still write about themselves without the worry of computer security (plus, you don't have to be very computer literate). If you want pictures, you might be able to find a small, cheap camera instead. You'd run the risk of it being stolen, but a traveling camera might work out.

Link to comment

"And companies have been specifically targeted"

 

those were directed at certain companies---that more about pentration testing. I do not deny that thumbnails are risk. If i where a network admin and someone but some file on one of my computers :D i whould flip out :laughing::laughing: . But those are just trying to get in to a company--but to collect personell info it is a waste of energy. I realy dont think there is anything to be that worried about here...

Link to comment

1 potential poroblem I see with this, which is what keeps me from doing the same. What is to keep someone from putting non family pictures on it? remember there are kids that cache without parents and if they got their hands on it. What could they be viewing.

 

Personally I like the idea and wanted to use it in conjunction with maybe clues to other caches (like a multi). But I don't trust anyone to not ruin a good thing. and it only takes 1 irrate parent to take you to court for subjecting their kids to something objectionable (Child pornography). Yeah most won't but in this day n age it only takes 1 to spoil the whole.

Edited by Fakk 2
Link to comment
1 potential poroblem I see with this, which is what keeps me from doing the same. What is to keep someone from putting non family pictures on it? remember there are kids that cache without parents and if they got their hands on it. What could they be viewing.

Hopefully this won't come off sounding snarky - that's not my intention - but it seems to me you could write almost the same thing about a geocache: 1 potential problem I see with this a cache [...] What is to keep someone from putting non-family items on it inside? remember there are kids that cache without parents and if they got their hands on it. What could they be viewing finding. (Cue a list of inappropriate trade items, like knives, lighters, cigarettes, booze, porn mags, etc.)

 

Guess my point being that there's at least as much risk that kids will find bad/inappropriate/non-family-friendly things in a cache, probably even more so than finding something bad on a flash drive travel bug. Muggles can leave the most bizarre things in caches, either out of mischief or just plain ignorance. But it seems to me less likely that anyone other than a geocacher would bother taking a flash drive TB home, adding material to it, and actually replacing it in a cache. (If a muggle took it, I'd expect they'd just rip the dogtag off and keep the drive for their own use.) And I'd like to think that even if a warped cacher decided to store some highly inappropriate material on a TB like this, that it'd hopefully be noticed right quickly by the next cacher and the offending material removed, much like a cacher might trash out inappropriate material from a cache. (In the case of a TB, I suppose it'd be more proper to check with the owner before deleting questionable files - personally I'd give two thumbs up if someone added a picture like Snoogans' tasteful nude example up above, but I'd understand if the TB owner had a different opinion. In the case of something like hard-core porn, I doubt any TB owner would want the material to remain on the drive.)

 

Inappropriate things could be left in a cache (indeed, have been left in caches), yet we generally manage to get along okay despite the risk, and people seem to be willing to help out when this happens. I don't see it being much different for a TB like this.

 

Personally I like the idea and wanted to use it in conjunction with maybe clues to other caches (like a multi). But I don't trust anyone to not ruin a good thing.

A thought that comes to mind if you wanted to persue this idea for use in a cache. Some flash drives come with a built-in write-protect option - usually a little slide switch on the side of their housing. If you were to put your data on the drive, slide the switch to the locked position, and then superglue/epoxy the switch so it can't be unlocked, then you could rest easy about anyone being able to tamper with the data or add anything objectionable. Might even reduce the risk of someone stealing the drive for their own use, particularly if you had a note attached that made it clear the drive had been rendered unwriteable.

Link to comment

I have standalone test computers at my house equiped with file and registry monitoring programs. I can also scan it with several AV applications. I would look at it on one of my test machines. I personally would use a CD-RW becasue it's cheaper.

 

As far as something harmful to a child: As with all caches, that is always a potential risk. Case in point: I had to go looking in some bushes for a cache at a park. Guess what I found on the ground, an insulin syringe with a needle attatched to it. That's when parenting comes in. If I brought one of my neices or nephews, I would scope out the cave, bush etc. before letting them enter. I would also teach them to be on the look out for harmful objects. If they had to put their hand in a small opening, I would teach them to first look in the opening with a flashlight.

Edited by Seedillume
Link to comment

Would you eat any food you found in a cache?

 

Would you give your pet a treat you found in a cache?

 

Why would I do the same to my trusty computer?

 

 

I don't use my computer to eat but I was wondering which side of the plate, is a computer placed.

 

no wait -

 

Which wine goes best with your computer.

Link to comment
I had one of my guys write a Trojan that, when run, would collect passwords, logins and machine-specific information from the user’s computer, and then email the findings back to us.
Notice the bolded part. I have never heard of a USB drive hijacking your computer just by plugging it in.* If you are stupid enough to run "cool_picture.exe" without scanning it first, then it doesn't matter that it is on a USB drive. You could do the same thing on a webpage or via email, much easier. Why would any geocacher want to go to the effort of creating a malicious program that has such a tiny spread? Heck, even if there were a magic device that infected the computer of any user opening the cache it's in, no malware writer is going to care about infecting a dozen random users. The planted USB drives in the article were a targeted attack.

 

I would use a USB drive TB I found in a cache without a second thought. Since I use Linux anyway, the chances of installing Windows malware are zero. :D On Windows it would take a few seconds to scan it for viruses, anyway.

 

 

*actually, one tiny obscure buffer overflow exploit that was patched in a day or two, but that's beside the point

Link to comment

Fellow GC'rs,

Thanks for all the input, my decision was to release the TB without the thumb drive attached. I agree with a lot of you about being smart (and wise) and scanning a drive before using it, but, what about that one person who doesn't have the "smarts" and picks up a virus from "my" thumb drive. I'd feel real bad if that happened, and didn't want to take the chance.

 

I've never met another GC'r, other then on-line, but I can't imagine any of you willfully putting a virus or mal-ware on someone's thumb drive. Hobbies like this usually attract decent, law-abiding citizens who wouldn't think of doing any harm against their fellow hobbyists, but I couldn't take the chance.

 

Thanks again for all your input.

 

Starcrwzr

Mountain High Bed & Breakfast and Observatory

www.mountainhighbnb.com

Link to comment

I have never heard of a USB drive hijacking your computer just by plugging it in.*

 

See my post right above yours -- it's possible, doable, and there's probably bad guys doing it right now. USB drives can have "autorun" files on 'em, too. Now, as you and others have pointed out, one would have to be pretty stupid to stick foreign media in their PC with Autorun enabled. And you can avoid all the hoo-ha by running Linux. Best advice yet.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...