

USB glory holes: anonymous, offline file-sharing in public space - dwinston
http://www.npr.org/blogs/thetwo-way/2010/11/02/130997071/-an-anonymous-offline-peer-to-peer-file-sharing-network-in-public-space

======
daeken
As a security guy, the idea of connecting this to my system scares the bejesus
out of me. I want to point two small things out: USB device drivers are
universally poorly tested, and this device could be anything. There's nothing
stopping such a device from running an exploit in ring0 and taking full,
instant control over your system.

~~~
ldite
For that matter there's nothing to stop this device having 240V AC across its
pins

------
TamDenholm
I think the term "dead drops" is better than "glory holes" but i suppose
you're just a likely to get a virus no matter what its called.

~~~
KoZeN
To be honest, I think glory hole is a pretty accurate description.

I wouldn't put anything I value into either.

------
itsnotvalid
File-sharing in such form may not be anonymous, for example one may keep a
snapshot of what's on that disk, and then check again after somebody have used
it. That could catch anyone wet-handed for sharing anything, albeit legal or
illegal. The anonymity is not as easy to preserve as it sounds like.

Likewise some may put virus into the disk (internally or automatically due to
the virus itself) which the next person may not have their computers patched
and have no anti-virus installed.

------
zokier
Previous discussion <http://news.ycombinator.com/item?id=1851088>

------
JonnieCache
As much harm as could obviously come from this, surely we can agree that the
potential for epic mischief and shenanigans is unmatched?

If I'd discovered one of these near my house in my early teens it would've
obsessed me for weeks. I'd probably have ended up learning USB debugging or
something to cause further trouble ;) I see this as an absolutely massive jolt
to people's natural sense of curiosity which is so often neglected in urban
environments.

------
vjk2005
I don't see why this is USB when the system could work much better with WiFi -
multiple users can connect to the same hub without any of them having to
physically tether themselves to the spot.

And as for the potential for malware outbreaks, this is basically like a
public water tap and just like we filter that water before drinking, scanning
the data before using it will solve the malware problem.

------
systemtrigger
The hack here is that someone got a ton of press for the cost of 5 USB drives
and a gallon of cement.

------
InclinedPlane
As with any time when you couple your device with some random hole you should
take all necessary precautions to avoid contracting a disease.

~~~
daeken
(I know this comment was intended to be largely funny, but I feel I need to
point this out.) Thing is, this isn't like downloading some files, but like
dropping a random PCI card into your box. By connecting this to your system,
you're really ceding complete control, with effectively no way of preventing
any attack from taking place. Is it likely? Not particularly, but it's
definitely possible.

~~~
InclinedPlane
It's intended to be serious, I just decided to add the humorous slant to it
after I started writing.

If I were to use data from these drops I'd want a junk system that I could
flatten between uses dedicated to the task. Connecting random usb devices to
your system is a recipe for disaster in a billion ways. Even connecting well
behaved usb devices to your system with unknown data on them is fairly risky
due to the poorly chosen default settings of popular operating systems like
Windows.

