USB 'Dead Drops' 322
Okian Warrior writes "Aram Bartholl is building a series of USB dead drops in New York City. Billed as 'an anonymous, offline, peer to peer file-sharing network in public space,' he has embedded USB sticks as file cache devices throughout the city. Bartholl says, 'I am "injecting" USB flash drives into walls, buildings and curbs accessible to anybody in public space. You are invited to go to these places (so far 5 in NYC) to drop or find files on a dead drop. Plug your laptop to a wall, house or pole to share your files and data.' Current locations (more to come) include: 87 3rd Avenue, Brooklyn, NY (Makerbot), Empire Fulton Ferry Park, Brooklyn, NY (Dumbo), 235 Bowery, NY (New Museum), Union Square, NY (Subway Station 14th St), and West 21st Street, NY (Eyebeam)"
Yeeeahhh (Score:5, Insightful)
Turn off AutoPlay first, kids. You'll thank me later.
Dead drops? (Score:5, Insightful)
Is that kind of like a Glory Hole? Probably the same number of viruses.
Engineering aspects: (Score:4, Insightful)
Also I'm sure many will complain about the possible dangers of viruses but imagine worse. How much damage could you do with a usb stick? It wouldn't be impossible to rig a car battery to the contacts from the other side of the wall.
Re:Sounds great! (Score:2, Insightful)
So this is what passes for clever these days (Score:2, Insightful)
What the heck is the point of this? Sometimes I hate artists. Here's an idea, just give someone a USB drive when you want to share files with them. Or mail it. Or I guess call it art and attach USB drives to walls. Move over Van Gogh, there's a new master in town!
Re:Sounds great! (Score:4, Insightful)
A better way would be to build a simple open wifi AP. No internet connection, just storage.
Although (Score:2, Insightful)
How stupid can you get? (Score:3, Insightful)
Apparently, this person is willing to expose himself as a complete moron, just to get a bit of publicity. This is not even original, security experts have been using something very similar as network penetration technique for years.
Re:Yeeeahhh (Score:5, Insightful)
Ya I would have thought an open wifi network connected to a little ftp server (but for fun not the internet)would make a far better dead drop.
for one you wouldn't have to be so obvious about connecting to it.
Sitting in a coffee shop across the street would be far less conspicuous.
It's like the 70's and 80's (Score:5, Insightful)
...its like the era of near anonymous sex, eventually people started dying after hooking up. How long before we see people killing their computers, or going to jail because they plugged in and xferred something really illegal?
This is REALLY smart.
Re:Cool (Score:3, Insightful)
He would KICK ASS... with a cool voice.
Re:Yeeeahhh (Score:1, Insightful)
Cops Will Not Like This... (Score:4, Insightful)
From a geek perspective, I think this is awesome. It combines all the fun of geocaching with the rewards of actually getting something. I do think that viruses would be a concern, yes, but at the same time, anyone looking for one of these things is going to expect that, and will either be protected somehow, or will be using a machine they can keep in quarantine.
From an art perspective, I think this is awesome. It's funny, fresh and gets people outside, exploring their world. It's using available materials to change the way people look at common, everyday items.
From an engineering perspective, all I can see is broken USB hubs stuck in my port because I sneezed too hard. Or shorted out the port because it was wet on the inside of the plug. Or someone thought they were cute and put some WD-40 in there, instead of electrical contact cleaner.
But from an societal point of view, I see strangers walking up to a building and holding their computers up against the wall. That's fine for things like monuments, park statues and maybe even trees in a park? But doing that outside a business might get you in trouble.
Do it anywhere near someplace the NYPD consider "sensitive", and you might just become the latest headline news.
Re:It's like the 70's and 80's (Score:3, Insightful)
Exactly, what a bunch of idiots.
People doing this are going to discover that cops may not care much when you transfer copyrighted files over the net from the privacy of your own home, but they will care and will take notice when people start acting suspiciously in open public areas. People will probably start being arrested on suspicion of trading drugs, planting bombs, etc.
Re:cfdisk /dev/sdb; mkfs.ext4 /dev/sdb1 (Score:3, Insightful)
Partition the usb drive into two. sdb1 is a tiny ntfs partition with some barney pics, and sdb2 is ext3 with all the awesome stuff on it. Windows won't even know how to access the 2nd partition AFAIK. Last time I checked Windows wouldn't even let you partition a usb thumbdrive w/ more than 1 partition.
Re:Yeeeahhh (Score:3, Insightful)
Promiscuously connecting your laptop or mobile device to USB drives is a sure fire way to get pwned. OSes generally do not have the same level of protection to a physically connected storage device as they do to their network devices.
Stay away! (Score:2, Insightful)
He seems to be forgetting something (Score:2, Insightful)
Re:cfdisk /dev/sdb; mkfs.ext4 /dev/sdb1 (Score:4, Insightful)
Re:Good way to get your laptop attacked (Score:4, Insightful)
And here is an article on this exploit technique:
http://www.dailytech.com/USB+Drive+Malware+Exploit+Windows+7+Flaw+in+Apparent+Espionage+Effort/article19065.htm
http://www.dailytech.com/USB+Drive+Malware+Exploit+Windows+7+Flaw+in+Apparent+Espionage+Effort/article19065.htm [dailytech.com]
What, you can't actually make a link?
Why is parent +5 Insightful? (Score:3, Insightful)
> I figured it would also need some code to figure out who was getting too close to the hidden antenna and drop transmit power or the connection outright to mask the actual location.
1) If I sniff only, you will not detect me
2) No matter what you do, unless you switch positions, I can find you over time
> I also figured the network would need to occasionally switch off and vanish if devices nearby were lurking and not sharing, even with that, no way to defeat passive wifi sniffing.
How will you find out that I sniff when I only sniff? I will send _nothing_.
You did not consider all attack vectors (Score:3, Insightful)
I can put a JPG, MP3, PDF, anything that exploits a zero-day (or known) vulnerability on the drive. As you will not only _copy and store_ but _open_ the files...
Also, what stops me from emulating a keyboard and entering a load of crap? "Windows-c (?) deltree c:\\ /y\n" comes to mind.