
USB Devices

I hadn’t realized they’re more than just memory:

“People look at these things and see them as nothing more than storage devices,” says Caudill. “They don’t realize there’s a reprogrammable computer in their hands.”

In an earlier interview with WIRED ahead of his Black Hat talk, Berlin-based Nohl had said that he wouldn’t release the exploit code he’d developed because he considered the BadUSB vulnerability practically unpatchable. (He did, however, offer a proof-of-concept for Android devices.) To prevent USB devices’ firmware from being rewritten, their security architecture would need to be fundamentally redesigned, he argued, so that no code could be changed on the device without the unforgeable signature of the manufacturer. But he warned that even if that code-signing measure were put in place today, it could take 10 years or more to iron out the USB standard’s bugs and pull existing vulnerable devices out of circulation. “It’s unfixable for the most part,” Nohl said at the time. “But before even starting this arms race, USB sticks have to attempt security.”

Caudill says that by publishing their code, he and Wilson are hoping to start that security process. But even they hesitate to release every possible attack against USB devices. They’re working on another exploit that would invisibly inject malware into files as they are copied from a USB device to a computer. By hiding another USB-infecting function in that malware, Caudill says it would be possible to quickly spread the malicious code from any USB stick that’s connected to a PC and back to any new USB plugged into the infected computer. That two-way infection trick could potentially enable a USB-carried malware epidemic. Caudill considers that attack so dangerous that even he and Wilson are still debating whether to release it.

Great.

Martine Rothblatt

As Glenn notes, I’m old enough to have known her decades ago when she was Martin. I saw her for the first time since the sex change a year ago at the New Space conference in San Jose. Anyway, a fascinating profile of her.

[Update a few minutes later]

D’oh! Now it makes sense. Gabriel Rothblatt is Martin’s/Martine’s son. He’s running for Bill Posey’s seat in Florida (at the Cape) on a space platform, and he was at this year’s conference. Unfortunately, he’s a Democrat.

Academic Writing

Why does it stink?

The most popular answer outside the academy is the cynical one: Bad writing is a deliberate choice. Scholars in the softer fields spout obscure verbiage to hide the fact that they have nothing to say. They dress up the trivial and obvious with the trappings of scientific sophistication, hoping to bamboozle their audiences with highfalutin gobbledygook.

Though no doubt the bamboozlement theory applies to some academics some of the time, in my experience it does not ring true. I know many scholars who have nothing to hide and no need to impress. They do groundbreaking work on important subjects, reason well about clear ideas, and are honest, down-to-earth people. Still, their writing stinks.

The most popular answer inside the academy is the self-serving one: Difficult writing is unavoidable because of the abstractness and complexity of our subject matter. Every human pastime—music, cooking, sports, art—develops an argot to spare its enthusiasts from having to use a long-winded description every time they refer to a familiar concept in one another’s company. It would be tedious for a biologist to spell out the meaning of the term transcription factor every time she used it, and so we should not expect the tête-à-tête among professionals to be easily understood by amateurs.

But the insider-shorthand theory, too, doesn’t fit my experience. I suffer the daily experience of being baffled by articles in my field, my subfield, even my sub-sub-subfield. The methods section of an experimental paper explains, “Participants read assertions whose veracity was either affirmed or denied by the subsequent presentation of an assessment word.” After some detective work, I determined that it meant, “Participants read sentences, each followed by the word true or false.” The original academese was not as concise, accurate, or scientific as the plain English translation. So why did my colleague feel compelled to pile up the polysyllables?

RTWT