What are the main attack vectors on USB storage drives on Windows 10?

I am trying to understand what generic risks there are in using my thumb drive to transfer files to some untrusted machine and plugging it back into my Windows device. Specifically, I am interested in generic threats when the external machine I plug my USB drive into is compromised (like a public image printing shop).

As far as I understand, the 2 main risks are:

A) Malicious files are copied to my pen drive from a compromised system and then

  1. I open them manually on a personal computer.
  2. Viruses are run automatically when the USB drive is plugged in. (obsolete unless autorun is enabled manually on the target machine)
  3. Malware is executed without user interaction and with autorun disabled. An example would be something like a buffer overflow in the Windows image thumbnail generator (CVE-2010-3970). As far as I understand, no user interaction will be needed and the machine can be infected on its own (besides inserting the USB drive and browsing the folder, of course).

B) Automated BadUSB firmware reprogramming, with all the further consequences that BadUSB delivers. But generally this kind of attack is not present in the form of a generic attack, as it would require supporting a huge number of different peripheral manufacturers with different devices.

So my questions are:

Are there any other generic (non-targeted) threats that are similarly widespread in the wild?

With respect to risk 3 – how common are such almost-no-user-interaction vulnerabilities in the wild?

SharePoint mapped drives eventually always disconnect, requiring logging out/in via IE

In our corp environment, we are being required to move our file shares to SharePoint Online. In order to maintain some semblance of ease of use for the general user population, we’re trying to continue to use mapped drives. Bizarrely, Microsoft discourages this (no reason given why). We’re still gonna try.

Our procedure, which always gets things working in the short term:

  • Add our SP site (https://XXXXX.sharepoint.com) to the Internet Properties Control Panel Trusted Sites list (using wildcards, e.g. https://*.sharepoint.com does not work)
  • Open Internet Explorer (must be IE, not any other browser), log out of our SSO corporate SP site, close IE, reopen IE, sign back in, close IE
  • Map the SP Document Library to a drive letter, e.g.

    net use T: https://XXXXX.sharepoint.com/sites/myteamfileshare.group /PERSISTENT:YES

This works “for a while.” (It even survives logouts/reboots.) After some time period (around a week?), when a user logs back in, the drive has a red X over the drive icon in Windows explorer, and if the user tries to access that drive in Windows Explorer, they get this error dialog:

SharePoint error dialog

This error can be resolved if the user performs step #2 above (opening IE, logging out, closing IE, etc.), but that is an unacceptable workaround.

It unfortunately looks like this problem has been around for quite some time, in some form or another (cf. "The network drives mapped to Sharepoint Documents Library cannot reconnect after login in Portal O365" and "intermittent Error when Using File Explorer to access Sharepoint content").

Any methods to get a consistently mapped drive that doesn’t disconnect are very appreciated!

Just installed LVM Raid 1 on a new server with 2x 10Tb hard drives and the Disk I/O is killing everything else every second

I copied a bit of data on my LVM based RAID1 (not hardware RAID) with 2× 10Tb hard drives:

    /dev/mapper/users-users  9.1T  1.9G  8.6T   1% /home

and now it’s killing my I/O to the point where my mouse, keyboard, video are blocked/unblocked/blocked/unblocked…

I’m thinking that maybe something is wrong at the hardware level but wondering what that could be. Wondering what to test first to try to make a better diagnostic.

I have another 2 drives in the same drive array but they are not set up in RAID mode.

Looking at the output of iotop it tells me that there is about 2Mb/s written to disk, a pretty much permanent write… When I look at the Disk LED, I can see them come up and out over and over again and can hear the seeking heads too.

Trying to watch a video, it fails really bad. Choppy would not even be the word here. It’s like one image every other second if even that much. So a really big I/O killer for the entire computer.

Wondering whether someone would have encountered such a problem before and what can be done to fix it if possible (I certainly hope it is possible!)

My motherboard is a Supermicro X11DPH-T and I also got a case from Supermicro, the 745BAC-R1K28B2 4U Full Tower Chassis. I’m running Ubuntu 18.04 LTS. The server is new and so is the install (i.e. not an upgrade from 16.04 or who knows what…)

Would there be a way to know whether a specific hard drive or some other hardware device is causing the trouble?

What software to encrypt whole drives, Google Drive folder, keeping access on Android and good performance?

I would like to encrypt my drives and data on Windows 10, but I need some recommendation to use the appropriate software(s).

  • On my system drive, I have the "Backup and sync" Google software and the synchronized Google Drive folder. But I absolutely need to keep the folder content readable from my phone at any time. If I encrypt the whole drive, will this folder be synchronized as encrypted? If yes, is it possible to decrypt files from Google Drive on the fly on Android?

  • I also have a "Media" SSHD (with my Pictures and Videos folders, and video editing stuff), a "Backup" SSHD (which contains the FileHistory Windows folder), and a "Virtual machines" SSHD. Note that I need to keep good performance with all of them if I encrypt them, regardless of the method.

I think that the most important folders to encrypt are Google Drive, Pictures, Videos and FileHistory. But I don’t know if whole drive encryption will be better and more appropriate.

For Windows, I found "Bitlocker" and "VeraCrypt", but if all files are encrypted, I won’t be able to decrypt Google Drive folder content on Android.

For Google Drive, I found "Boxcryptor", "Cryptomator", and "GoodSync", which work on Windows and Android, but which seem to be specific to cloud storage.

  • What folders or drives must I/can I encrypt to keep good performance?
  • What software(s) do you advise me to use? Do I have to use two programs to fit my requirements, or do you have any other recommendation?

Thanks!

How to tell if a pair of RAID1 drives is successfully mirroring?

This is not an urgent problem, but I would like to know if I am currently making use of both of my hard drives (and/or if I can fix that).

Essentially, I purchased this computer without an OS and I have successfully installed Ubuntu Server on it.

The computer comes with 2 3TB hard drives.

My understanding is that I can either have a RAID0 configuration to have 6 TB of storage space, or a RAID1 configuration where 1 3 TB drive mirrors the other 3 TB drive.

Given that I have started to run analysis on the server, I am OK with mirroring the hard drive (RAID1).

However, I don’t think I have successfully done that. For example, if I check my /proc/mdstat file, this is what it says:

    Personalities : [raid1] [linear] [multipath] [raid0] [raid6] [raid5] [raid4] [raid10]
    md126 : active raid1 sda[1] sdb[0]
          2930264064 blocks super external:/md127/0 [2/2] [UU]

    md127 : inactive sda[1](S) sdb[0](S)
          5040 blocks super external:imsm

    unused devices: <none>

Likewise, this is how those drives are recognized using lsblk -o NAME,SIZE,FSTYPE,TYPE,MOUNTPOINT:

    NAME         SIZE FSTYPE          TYPE  MOUNTPOINT
    sda          2.7T isw_raid_member disk
    └─md126      2.7T                 raid1
      ├─md126p1  512M vfat            md    /boot/efi
      └─md126p2  2.7T ext4            md    /
    sdb          2.7T isw_raid_member disk
    └─md126      2.7T                 raid1
      ├─md126p1  512M vfat            md    /boot/efi
      └─md126p2  2.7T ext4            md    /
    sr0         1024M                 rom

However, this is the available space that I have using df:

    Filesystem      1K-blocks      Used  Available Use% Mounted on
    udev             16370772         0   16370772   0% /dev
    tmpfs             3280440       940    3279500   1% /run
    /dev/md126p2   2882700496 223265236 2512931992   9% /
    tmpfs            16402180         0   16402180   0% /dev/shm
    tmpfs                5120         0       5120   0% /run/lock
    tmpfs            16402180         0   16402180   0% /sys/fs/cgroup
    /dev/md126p1       523248      6152     517096   2% /boot/efi
    tmpfs             3280436         0    3280436   0% /run/user/1000

So, my questions are as follows:

  1. Am I actually mirroring my hard drive with a RAID1 configuration?
    If so, how can I recover my hard drive if something goes wrong?

    From the /proc/mdstat file, it looks like there is some sort of link between the drives (since md126 is listed with super external:/md127/0, on the 2nd line)

  2. If both hard drives are not currently being used (for RAID1 mirroring), what do I need to change? Can I start mirroring my first hard drive without erasing everything currently on the first drive?
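
Added example, not part of the original question: a small parser for the `/proc/mdstat` text quoted above that reads each array's `[expected/working]` counter and `[UU]` slot map, where `U` marks a member that is up and `_` one that is missing. The function names and the degraded variant are constructed for illustration.

```python
import re

# Constructed sample: the /proc/mdstat text from the question, line breaks restored.
SAMPLE = """\
Personalities : [raid1] [linear] [multipath] [raid0] [raid6] [raid5] [raid4] [raid10]
md126 : active raid1 sda[1] sdb[0]
      2930264064 blocks super external:/md127/0 [2/2] [UU]

md127 : inactive sda[1](S) sdb[0](S)
      5040 blocks super external:imsm

unused devices: <none>
"""
# Constructed variant (not from the page): slot 0 (sdb) marked failed.
DEGRADED = SAMPLE.replace("sdb[0]\n", "sdb[0](F)\n").replace("[2/2] [UU]", "[2/1] [_U]")

HEADER = re.compile(r"^(md\w+) : (active|inactive)\s*(.*)$")
MEMBER = re.compile(r"^(\w+)\[(\d+)\](?:\((\w)\))?$")   # device[slot](flag)
STATUS = re.compile(r"\[(\d+)/(\d+)\] \[([U_]+)\]")      # [expected/working] [UU]

def parse_mdstat(text):
    """Return {array: {state, level, members, expected, working, slots}}."""
    arrays, current = {}, None
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            name, state, rest = head.groups()
            tokens = rest.split()
            members = [m.groups() for m in map(MEMBER.match, tokens) if m]
            # The RAID level is the token that is neither a member nor a "(...)" note.
            level = next((t for t in tokens if "[" not in t and not t.startswith("(")), None)
            current = arrays[name] = dict(state=state, level=level, members=members,
                                          expected=None, working=None, slots=None)
        elif current and line.startswith(" "):
            status = STATUS.search(line)
            if status:
                current.update(expected=int(status[1]), working=int(status[2]), slots=status[3])
    return arrays

def mirror_health(array):
    if array["expected"] is None:
        return "no-status"      # e.g. the inactive imsm metadata container
    if array["working"] < array["expected"] or "_" in array["slots"]:
        return "degraded"
    return "healthy"

def report(text):
    return {name: mirror_health(a) for name, a in parse_mdstat(text).items()}

if __name__ == "__main__":
    print(report(SAMPLE))
    print(report(DEGRADED))
```

On a live system, pass the contents of `/proc/mdstat` to `report()` instead of the embedded sample.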

Is there a way to copy files between drives via Ubuntu GUI?

First, I couldn’t open my other drives. There was an error: unknown filesystem type 'exfat'. I solved this by installing exfat-fuse and exfat-utils. Now I can open my other drives.

But now I want to copy files from my Ubuntu drive partition to the other drives via the Ubuntu GUI, but I can’t copy it. The paste command is disabled.

I know there’s a command line way to do this, but I want to do this via GUI. It’s faster to do this via GUI and I don’t have to memorize commands.

Is there a program that I can install to make this possible?

How to show other locations/local drives on left pane of file explorer?

On my Ubuntu 16.04, all my local disks were on the left pane of the file explorer and mounted with one click. On 18.04 I have to select other locations from the left pane first, then select the disk (partition). My question is: can I somehow make it like in 16.04? Also, my 3 local disks (D, E, F) all have the same name when viewed in other locations. This creates further confusion.

I tried bookmarking but it doesn’t auto-mount when I click it. I have to mount it the first time for bookmarks to work.

Ext4 formatted flash drives lose files when the drive is removed from the PC on 19.04

I’m using PopOS 19.04, although the issue was also present on vanilla Ubuntu 19.04 and caused me to lose some important files.

Whenever I use a flash drive for Linux, format it as ext4, add files, and then remove the drive from the USB port, all of the files disappear. The only way that I have recently found to make them not disappear is to right click and hit “remove safely”. I can do this every time if I have to, but I don’t have to do it for Windows. What is different? Is it just a bug?

How to access Windows drives from 18.04 within a VMware guest?

I have not found a solution to this though there appear to be many similar Q’s.

I have a Windows 10 host. I have created an Ubuntu 18.04 LTS guest inside VMware Workstation 15 Player. The installation used Easy Install (by default and I left it as such), which I understand installs the necessary VMware Tools.

I have enabled shared folders within VMware Workstation Player to provide access to the desired Windows folders.

However, the Windows folders are not visible to me within the Ubuntu guest – neither as an ordinary user nor as root (I’ve enabled the root user password).

I have successfully done this previously but with a Slackware guest. I’m new to Ubuntu and am assuming there is something with Ubuntu that I have not understood or done.

Any help or advice would be appreciated.

Thanks.

Kevin.

Help with malware on removable drives

Here’s the situation. So, I was recently the victim of a drive-by download. The first thing I did was shut off my laptop, thinking that would stop it. When I turned it back on, there was a suspicious looking .tmp file in my downloads folder, and a couple more in JumpListIcons. Then, like a complete buffoon, I plugged in my external hard drive and SD card and decided to back up my files. Now, of course, I have no idea whether or not the dang things are infected.

After I backed everything up, I took the laptop off the Internet, turned it off, and haven’t really used it since (save for maybe an hour or so later that day to look at a site. I turned the Internet off again after, of course). As such, I wasn’t able to locate any new .exe files anywhere, as I didn’t give myself the time. Anyway, though, I know next to nothing about computers, so I wouldn’t know where to look, anyway.

So, what I’m wondering is:

- How do I safely check whether or not the card and drive are infected?

- What types of malware, if any, are capable of getting into things like pictures, videos, music, .html files, docx files, and .swf files? I know ransomware can target anything and everything it finds, but what about other types?

- Can malicious code hide in the card & drive themselves without even needing to infect a file?

- Should I even risk restoring this stuff if I really think it’s infected? How should I go about doing it if I decide to?

- Lastly, I was wondering how malware interacts with program-specific file types, like .psd or .sai. I draw a lot, so I’d like to try and save that stuff if I can.

Also, potentially important to note is that I don’t really care what happens to the laptop. I was gonna buy a new one anyway. I’m just concerned about my stuff, is all.