#swagfail

Put me out to pasture, my conference swag skills are failing.

I picked this up at Solar Power International:

I thought I was picking up a USB memory stick, as I’d nabbed one in the same form factor before. Break off the backing card at the hinge, and you’ve got a nice tiny data store like the Kingmax ones I used to use.

On plugging it into my Mac, a couple of icons bipped on my dock, then Skype opened. Wat? More importantly, there was no storage to be seen, so once my virus fears had subsided a bit, I was determined to find out what this pointless piece of plastic was doing.

The stick identified itself to the system as an Apple keyboard (USB ID 05ac:020b), and spits out the following characters (captured by cat and xxd on my Raspberry Pi):

0000000: 1b72 1b5b 317e 1b5b 3477 7777 2e62 757a  .r.[1~.[4www.buz
0000010: 7a63 6172 642e 7573 2f73 6365 2d32 3230  zcard.us/sce-220
0000020: 0a                                       .

After reading about evil USB dongles, it seems that the Ctrl-R keypress it’s sending is the Windows “Open Browser” command, and then opens the url www.buzzcard.us/sce-220. This link redirects to www.plugyourbrand.com/gosolar_sce/index.html?u=220, which appears to do some Flash/JS stuff which I don’t want to understand.

The funny thing is, the card has the perfectly respectable www.GoSolarCalifornia.ca.gov (well, respectable if you consider a US .gov website as such) link printed on it. Even printing a card with a QR code linking to that address would be less opaque.

(This is not a link to goatse, honest.)

As is, a bunch of plastic was wasted in vain just to save people typing an URL. We’re all going to die, and it really is your fault …