Hard-Drive Enclosures

[ZapNZs]

Not following your comment here.

FWIW, all firmware is very susceptible to attacks and most people just don't get that. With Thunderstrike, you plug in a Thunderbolt-to-Ethernet adapter that was infected, and every device you plug in gets infected. And because it is EFI malware, installing a new hard-drive or OS won't do sh**!

If they can do that to a Thunderbolt adapter, why not a USB3 adapter? (See my concern?)

All of this is ironic, because without China goods there would be no electronics in the U.S.!

However, based on what I have read, I am now much more careful before I run off to eBay and get some "great deal" on computer goods.

I'm sure there are lots of honest people on eBay selling computer parts - including those in China - but why buy from someone whom you don't know?

I trust Apple or Micro Center or OWC more, and if they ever sold infected goods, they'd be out of business overnight. Whereas that dude in Taiwan couldn't give a rat's hind-quarters...

Just sayin...

I am far from an expert on security, but, to my understanding, Thunderstrike has never been confirmed in the wild, but firmware attacks on hard drives have and they have presumably been around for quite some time. Like Thunderstrike, nuke and pave doesn't cut it

 

[Ambrosia7177]

I am far from an expert on security, but, to my understanding, Thunderstrike has never been confirmed in the wild, but firmware attacks on hard drives have and they have presumably been around for quite some time.

I believe Thundersrike came from the CIA, so it is in the wild, albeit in a limited nature.

Like Thunderstrike, nuke and pave doesn't cut it

What does that mean?

 

[kschendel]

I don't think USB devices have Option ROM that is accessed by the firmware, so there's no equivalent.

It is possible for a malicious USB device to blow up the USB port electrically, but that's hardly the same thing, and I rather suspect the word would get around.

Anyway, there's nothing wrong with security awareness; just don't let it paralyze you.

 

[Ambrosia7177]

I don't think USB devices have Option ROM that is accessed by the firmware, so there's no equivalent.

It is possible for a malicious USB device to blow up the USB port electrically, but that's hardly the same thing, and I rather suspect the word would get around.

I think you hit the nail on the head with that comment!

That being said, my concerns are probably not as warranted - that is until some USB attack is created!

Anyway, there's nothing wrong with security awareness; just don't let it paralyze you.

Just trying to stay humble and realize how challenging security can be! (I thought I was pretty smart until I learned all of the ways you can hack a Mac with physical access...)