Be careful with USB devices! It's about your information security and trade secrets

Before getting into USB security proper, let me share an interesting case, as usual. At the end of 2014, a report on Reddit described how a computer belonging to an executive at a large company had been infected with malware. The company's security researchers investigated the source of the malware, checked all the traditional infection routes, and found nothing. They then began to look for other explanations, starting with the executive's daily habits, and after checking over and over they finally found that the problem lay in the executive's e-cigarette.
“This is a Chinese-made electronic cigarette. The charging device contains a hardware-coded malicious program.” This e-cigarette charges through a USB port. When the executive plugged it into a company computer to charge, the computer was infected with the malware.
In this case, if the malware had been made stealthier, the entire attack could have gone completely unnoticed. The core of this infection route is the "USB security" we want to talk about.
USB security? What does it mean?
Strictly speaking, it is inaccurate to talk casually about "USB security". USB is essentially a universal serial bus, and there are many buses: the SATA bus, the PCIe bus, and so on. What security topic is there in a bus? At best, USB can serve as a means of spreading malware. Isn't saying "USB security" almost as ridiculous as saying "network cable security"?
However, probably because USB is a unifying standard that replaced various legacy interfaces, and because USB does not require high licensing fees the way interfaces such as Thunderbolt do, it is inevitable that most of today's consumer devices use USB interfaces. Interestingly, we often refer to devices that use a USB interface as USB devices (whereas no one calls the hard drive built into a PC a SATA device or a PCIe device), and this is the basis for talking about USB security here.
Because USB is so widespread today, USB devices have become an important carrier for spreading malware. But if all we say is that USB devices are a way to spread malware, then any interface can be used for that kind of propagation. A USB flash drive can spread a virus, and so can a Thunderbolt portable hard disk, or even a CD.
In general, the USB security we want to talk about is not the security of data in transit over USB, nor a design defect in some pin of a particular USB connector specification (such as Type-C). It is the security issues that arise from the USB interface or bus being an important route for malware, together with the security issues of the USB protocols and drivers.
So for USB security there are 3 points to cover. First, USB is a nearly universal standard: mice, keyboards, e-cigarettes and external sound cards all use a USB interface and are plug and play. Among physical interfaces, it is probably the most efficient at spreading malware apart from the network adapter interface. Second, the USB protocol can be exploited by attackers, and this is the focus of this article. Third, the most advanced form: USB 0-day vulnerability attacks.

The autorun.inf era! A USB flash drive virus?
Back when networks were not as prevalent as they are today, removable storage devices were an important way to spread viruses. Malware was placed on a USB flash drive, a portable hard disk, or even a floppy disk, and spread as data was exchanged between PCs. Even fairly sophisticated malware still needed a person to open it in order to run. Operating systems like Windows, however, provide an AutoPlay/AutoRun function for removable storage media to improve the user experience.
AutoPlay was originally intended so that a CD/DVD multimedia disc would play as soon as it was inserted, and so that Windows installation media would pop up the installer immediately on insertion. Most readers will know that the autorun.inf file in the root directory of the removable medium controls this behavior. It looks like this:
[autorun]
open=setup.exe
icon=setup.exe,0
label=My install CD
Compared with a CD, a USB flash drive is obviously much easier to read and write. If setup.exe here is a virus, then the system runs the virus automatically as soon as the flash drive is inserted. Using autorun.inf to launch malware on insertion was simply too convenient for viruses. Colleagues exchange data, everyone plugs the infected flash drive into their computer, and the computers are naturally infected. An infected machine then infects each new flash drive inserted into it, and so the virus proliferates.
This was the common way for flash drives to spread malware, which is why some people call autorun.inf a "USB flash drive virus", although the file itself is quite innocent. Stopping this route of transmission is not difficult: on the one hand, disable AutoPlay or AutoRun for removable storage media in the system; on the other hand, prevent programs from creating an autorun.inf file on the flash drive, so that the flash drive no longer spreads the virus.
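To check a drive for the mechanism described above, the following added example (not part of the original article) parses an autorun.inf and reports the entries that would start a program. The function names and the padded sample are constructed for illustration; `open`, `shellexecute` and `shell\<verb>\command` are the autorun.inf keys that name a command.

```python
import os

# Keys in the [autorun] section that name a program for Windows to launch.
LAUNCH_KEYS = ("open", "shellexecute")

def parse_autorun(text):
    """Tolerant parser: returns the [autorun] entries as {key: value}.
    Lines without '=' are skipped, since real samples are often padded with junk."""
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries

def launch_entries(text):
    """Return (key, value) pairs that would start a program on insertion
    or from the drive's right-click menu (shell\\<verb>\\command)."""
    hits = []
    for key, value in parse_autorun(text).items():
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if (key in LAUNCH_KEYS or is_verb) and value:
            hits.append((key, value))
    return hits

def decode(data):
    """autorun.inf may be UTF-16 with a BOM or a legacy single-byte encoding."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("latin-1")

def scan_root(root):
    """Audit the autorun.inf (any letter case) in a drive's root directory."""
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "rb") as fh:
                return launch_entries(decode(fh.read()))
    return []

# The sample from the article, and a constructed one padded with junk lines.
ARTICLE_SAMPLE = "[autorun]\nopen=setup.exe\nicon=setup.exe,0\nlabel=My install CD\n"
PADDED_SAMPLE = ("zzzz junk 1234\n[AutoRun]\n;comment\nqwerty\n"
                 "ShellExecute = tools\\update.exe /s\n"
                 "shell\\explore\\command=tools\\update.exe\nicon=folder.ico\n")

if __name__ == "__main__":
    for sample in (ARTICLE_SAMPLE, PADDED_SAMPLE):
        print(launch_entries(sample))
```

Any entry returned for a drive that is supposed to hold only documents is worth investigating, whether or not AutoRun is disabled on the host.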
It is fair to say that autorun.inf was the most popular way for flash drive viruses to spread in the past, and many flash drive virus removal tools mainly target autorun.inf. This was especially so from Windows XP SP2 onward, when the system enabled the function by default for "USB Mass Storage Device" and ZIP drives. Microsoft saw that the situation was not good: starting with Windows Vista and Windows Server 2008, the default behavior on inserting a USB flash drive was changed to ask the user whether to execute the autorun command. The era of autorun.inf is now almost over.

Will phishing with a USB flash drive succeed?
The flash drive security issue described above is not exclusive to USB devices; any removable storage device (even an internal hard disk) has the same problem. So, strictly speaking, this security problem cannot be blamed on USB. If you must blame it, it is only, as mentioned above, because USB is so common.
At the just-concluded Black Hat USA 2016 hacking conference, Elie Bursztein, leader of Google's anti-fraud research team, presented a talk called "Does dropping USB drives really work?" (is dropping flash drives really an effective social engineering attack?). He dropped 297 USB flash drives on the campus of the University of Illinois to see whether curious people would pick them up and look at what was on them. If Bursztein had dropped 297 SATA3 hard drives (lol), the attack would in theory have been the same, but you can imagine what the effect of the attack would have been. The popularity of USB is the basis for discussing its security here.
A survey launched last year by the American Computer Industry Association showed that 17% of people who found a USB device connected it directly to a computer, a figure that may be too conservative. Bursztein's findings were significantly more radical: 135 flash drives (that is, 45%) were connected to a computer after being picked up. These people also opened the files, and the "malicious programs" on the drives reported back to Bursztein.
Fortunately this was only an experiment, and nothing truly malicious was involved. Bursztein's research team did not use autorun.inf, because current operating systems no longer fall for it at all, and the Mac does not support the autorun feature. Their method was phishing.
The research team put labels on the 297 flash drives, and even wrote the drive owner's name (and a return address) on them. Even so, 135 drives were opened by curious students. The files on the drives had enticing names containing words such as "final exam" and "confidential". In fact, the files were in HTML format. Each contained an image that was loaded from the research team's server, and this is how the team knew that someone had opened the file.
In addition, once the HTML file was opened, a questionnaire asked these curious people why they had plugged in the flash drive. As many as 20% of them took part in the survey. More than two-thirds said they actually wanted to return the drive (really?), 18% admitted that they were curious, and 14% gave other explanations.
From this case it is easy to see that the success rate of flash drive phishing is quite high. If those HTML files were replaced with malware, or the questionnaire were replaced with a phishing form asking for a user name and password, how many people would fall for it! The American TV drama "Mr Robot" has a plot that uses flash drive phishing. It seems this is not just fiction!

The killer USB flash drive attack: disguising as an HID device
Still, the two sections above really only treat USB devices as a carrier for spreading malware. Flash drive phishing is in essence no different from dropping a floppy disk to phish (lol), or from email phishing. The original sin does not lie with the USB device. If USB security is discussed in this sense, there is actually a great deal that could be said: for example, the USB interface is an important route for attacking ATMs, and the USB key is a security tool used for data decryption.
So does USB have any original sin of its own? It does! Start with the USB protocols. USB is not only for MSC (mass storage) devices; today's USB interface supports many functions, and its protocols are just as diverse. Besides the MSC-related protocols there are USB Power Delivery (the USB fast-charging specification), USB OTG (the SRP and HNP protocols, for transfers between two peripherals), and so on, as well as the USB HID device class protocol. USB HID has become the killer weapon of USB device attacks over the past two years.
HID stands for Human Interface Device, that is, a device that interacts with people. USB HID devices are very common: USB keyboards, mice, game controllers, and so on. How can this be abused? At the 2014 Black Hat hacking conference, security researchers Karsten Nohl and Jakob Lell gave a talk on a rather shocking USB attack called BadUSB, which takes advantage of HID.
That is all rather abstract, so let's take an example. Have you used a keyboard? Have you tried performing system operations with only the keyboard and no mouse? Experienced readers will know that it is not difficult. So if a flash drive can disguise itself as a keyboard and a script can send a series of keystrokes, can it control your system? This is one example of how the BadUSB attack exploits the USB protocol. A flash drive infected by BadUSB can disguise itself not only as a USB keyboard but also as a USB network card, tampering with DNS so that all DNS queries go to the attacker's server for redirection attacks.
Once this kind of attack is possible, the attack methods naturally become very diverse, limited only by imagination. Most importantly, it is cross-platform, because every system platform follows the same USB standard. For more information, see our article "Decrypting BadUSB: The World's Most Evil USB Peripherals".
But isn't this HID emulation attack just the USB Rubber Ducky that hackers loved back in the day? The difference is that the Rubber Ducky's internal hardware is quite capable, with a 60MHz processor and a microSD expansion slot. How can an ordinary flash drive carry out such an attack? Answering this question is where the two researchers, Karsten Nohl and Jakob Lell, were so clever, and it is also what makes flash drives infected with BadUSB so frightening.
In general, a USB flash drive consists of a flash memory part that stores data and a controller chip (also called the master or main control chip). The controller generally reserves some storage for its firmware (in some cases the controller itself contains the firmware flash). The firmware is similar to an operating system, controlling the interaction between hardware and software. Nohl and Lell spent months on reverse engineering and found that the firmware of many flash drives can be reprogrammed (especially those with Phison controller chips). Users cannot see the firmware at all, so it is very easy to hide attack code there.
This is the core of how BadUSB comes about. In addition, to give USB devices maximum compatibility, the USB standard allows one USB device to present the characteristics of several kinds of input and output devices. So by rewriting the flash drive's firmware, the drive can be disguised as a USB keyboard, a network card or even a display. Through this fake keyboard, malicious commands and code held in the firmware can be typed in, and malware stored in the flash memory can also be used in the attack.
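What a device claims to be is visible in its USB configuration descriptor, so a host can check a "flash drive" for interfaces it should not have. The following added example (not from the article or from Nohl and Lell's work) walks a descriptor chain and reports interface classes outside an allowed set; the two descriptors are constructed samples, and the policy that a flash drive exposes only mass storage (class 0x08) is an assumption.

```python
import struct

# bInterfaceClass values from the USB class code list.
CLASS_NAMES = {0x02: "communications/network", 0x03: "HID (keyboard, mouse)",
               0x08: "mass storage", 0x0A: "CDC data", 0xE0: "wireless/RNDIS"}

def interfaces(desc):
    """Walk a descriptor chain and return (number, class, subclass, protocol)
    for every interface descriptor (bDescriptorType 0x04)."""
    found, pos = [], 0
    while pos < len(desc):
        length = desc[pos]
        if length < 2 or pos + length > len(desc):
            raise ValueError(f"malformed descriptor at offset {pos}")
        if desc[pos + 1] == 0x04 and length >= 9:
            found.append((desc[pos + 2], desc[pos + 5], desc[pos + 6], desc[pos + 7]))
        pos += length
    return found

def unexpected(desc, allowed=frozenset({0x08})):
    """Interfaces whose class is outside what the device is supposed to be.
    Assumed policy: a device sold as a flash drive exposes mass storage only."""
    return [(num, CLASS_NAMES.get(cls, f"class 0x{cls:02x}"))
            for num, cls, _sub, _proto in interfaces(desc) if cls not in allowed]

# --- constructed sample descriptors (not captured from real hardware) ---
def make_config(body, n_if):
    return struct.pack("<BBHBBBBB", 9, 0x02, 9 + len(body), n_if, 1, 0, 0x80, 50) + body

def make_iface(num, n_ep, cls, sub, proto):
    return bytes([9, 0x04, num, 0, n_ep, cls, sub, proto, 0])

def make_endpoint(addr, attrs, max_packet, interval):
    return struct.pack("<BBBBHB", 7, 0x05, addr, attrs, max_packet, interval)

# Mass storage, SCSI command set, bulk-only transport (08/06/50).
STORAGE = (make_iface(0, 2, 0x08, 0x06, 0x50)
           + make_endpoint(0x81, 2, 512, 0) + make_endpoint(0x02, 2, 512, 0))
# HID boot keyboard (03/01/01) with its HID class descriptor (type 0x21).
KEYBOARD = (make_iface(1, 1, 0x03, 0x01, 0x01)
            + struct.pack("<BBHBBBH", 9, 0x21, 0x0111, 0, 1, 0x22, 63)
            + make_endpoint(0x83, 3, 8, 10))

PLAIN_DRIVE = make_config(STORAGE, 1)
COMPOSITE = make_config(STORAGE + KEYBOARD, 2)

if __name__ == "__main__":
    # On Linux the same bytes can be read from
    # /sys/bus/usb/devices/<device>/descriptors
    for name, desc in (("plain drive", PLAIN_DRIVE), ("composite", COMPOSITE)):
        print(name, interfaces(desc), unexpected(desc))
```

Some legitimate products are composite devices, so the allowed set has to reflect what each port or device is expected to be; the check only covers what the device declares at enumeration.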
To put it bluntly, BadUSB turns ordinary flash drives into Rubber Duckies, and more aggressive ones at that. The improvement shows in two aspects of BadUSB: camouflage and propagation. Camouflage is easy to understand: the device looks like a normal flash drive, and even formatting it does not remove the malicious code, because the code lives in the firmware. As for propagation, Nohl and Lell specifically noted in their research report that the biggest threat from BadUSB in theory is that once a computer is infected by a BadUSB device, the computer can in turn spread BadUSB to other USB flash drives plugged into it: after a flash drive is inserted into this computer, malware on the computer can rewrite the drive's firmware, and the drive's owner will not notice at all.
In this way, flash drives all over the world could be infected by BadUSB, and no flash drive in the world could be trusted, because no anti-virus software can detect it. This even raises a question: have USB devices reached the point where they offer no security at all?
In fact, that is not entirely true. For flash drive firmware, introducing an unforgeable cryptographic signature mechanism is one way to prevent malicious rewriting. This depends mainly on the flash controller chip manufacturers. Some people had accused Nohl of targeting only the flash controller chips of Taiwan's Phison in his earlier Black Hat talk, so at the end of 2014 Nohl also sampled the controller chips of eight major chip manufacturers: Phison, Alcor, Renesas, Xiang Shuo (a subsidiary of Asus), Genesis, FTDI, Microchip, Cypress.
The results turned out to be extremely complicated. Some USB controller chips are indeed immune to BadUSB, that is, their firmware cannot be reprogrammed, and the immune chips account for half of the total number of samples, but results within each brand are very inconsistent. For example, flash drives with Phison controller chips are at risk of being infected by BadUSB, while Xiang Shuo is completely immune to BadUSB. The Generic USB 2.0 chip is fine, but the newer USB 3.0 chip has problems. The controller chips used in other USB hubs, keyboards, cameras, mice and so on are even more varied. In fact, even for the same model of USB device from one manufacturer, different batches may use different controller chips. For example, Kingston uses five or six different USB controller chips.
From now on, do we have to take a flash drive apart and check the model of its controller chip before we can use it?

If it has a USB interface, it is not safe!
I don't know whether many readers noticed, but the NSA documents disclosed by Snowden mention a device called Cottonmouth (as shown below). This is a USB device said to be able to covertly install malware on a target device. Although the document does not detail its specific mechanism, Snowden said: "I wouldn't be surprised if the things that Nohl and Lell found were used by the NSA." Perhaps the NSA was already doing this a long time ago, in which case the flash drives in our hands...
But that is not all. Since the USB standard allows one USB device to present the characteristics of several kinds of input and output devices, USB device camouflage is not limited to BadUSB on flash drives; all kinds of USB devices can be disguised, from your USB mouse and keyboard to cameras, e-cigarettes and power banks.
Besides the e-cigarette mentioned at the beginning of the article, at the end of 2014 CCTV exposed "modified power banks that steal private data": the device looks like just a power bank but can actually store data, and it stole data in particular from iPhones, whose encryption mechanisms at the time were not as complete as they are now. Seen this way, everything around us with a USB interface could be carrying a Trojan. This world is truly cruel: maybe you have been targeted by the NSA, and your mouse carries an APT Trojan...

At this year's Black Hat USA 2016 conference, Elie Bursztein not only presented the flash drive dropping experiment but also showed how to build a complete disguised flash drive, in full detail from buying the chip to the finished drive, with all the materials being low-cost off-the-shelf parts.
FreeBuf has also previously published an article titled "Using Arduino to Quickly Make Teensy BadUSB". With an Arduino Leonardo MCU (which seems to be slightly more expensive) and some simple code written in the Arduino IDE, it builds a USB attack device that can pass as a normal flash drive. In the future, anyone who wants to hack someone can send them a flash drive or a power bank, which is probably more effective than email phishing.

The ultimate form of USB attack
At Black Hat USA 2016, Bursztein divided USB attacks into three categories: social engineering (dropping flash drives), HID camouflage and 0-day exploits. We have briefly analyzed the first two above. The last, 0-day exploits, he explained only briefly: they mainly use 0-day vulnerabilities in USB drivers, so that as soon as the USB device is plugged into a computer, the computer can be taken over immediately.
In his view, 0-day exploitation is the ultimate form of USB attack, reaching the highest levels of complexity, reliability and stealth (although it is not very cross-platform because it is so narrowly targeted). Few cases can be cited, as this area has hardly been widely explored. The famous Stuxnet virus used USB to spread (though not through a 0-day vulnerability in a USB driver): in Windows, .lnk files are responsible for rendering the icons of files on a flash drive, and when a drive is inserted, Explorer scans the .lnk files in order to display files of various formats. Stuxnet planted its malware in the .lnk file, so the whole process executes on insertion, which shows how stealthy it is.
However, such examples are rare and require a great deal of time and effort in targeted research. For ordinary people, flash drive phishing and HID camouflage are what most need guarding against. So after all this, shall we still talk about USB security precautions?
As Nohl said, the best way to protect against USB attacks is not to use USB devices! To that end, please seal all the USB ports on your devices... Seriously, though, there is no need to go that far: just do not use flash drives of unknown origin, nor things like e-cigarettes; if you come across a flash drive on the street, ignore it; and do not plug your own USB devices into untrusted hosts. That is probably all that users can do.
* FreeBuf feature report, author / Ouyang Onion.