Well that's a bit of a mouthful of a reply that I don't have time to compose a similarly lengthy reply to, however on a couple of issues :
If it were easy to foresee this kind of problem, it wouldn't be a problem because many persons and enterprises would have acted to avoid or control the flaw.
Not really. As with many protocols and other interconnectivity in IT, security doesn't form part of the specification. Given the tight-margin and sales-led nature of the IT industry, as well as the requirement for interoperability, the majority of manufacturers do a minimum design to the specification and do not go into depth on security.
Do you know how much an in-depth EAL style security audit costs and how much work is involved ? When you're talking about cheap embedded components like USB there is not really much scope for that.
Your dismissive comment misses, misinterprets and trivializes the core problem identified and briefly described by Mr. Greenberg in the reference. Did you actually read it?
It is not a dismissive comment, it is realistic. If something involves the running of firmware, microcode or whatever you want to call it, then there are inherently possibilities for exploitation. Its simply a case of not if but when !
Unless you go all the way up to EAL7 where an obsessively rigorous formal design methodology is required, there are always going to be risks.
that a SINGLE insertion of a thus-hacked USB memory or peripheral into a computer system can permanently
Which is why only utter morons plug an untrusted USB into a computer.
There is an old saying in IT security ....
once the attacker has physical access to the computer/server/laptop/whatever device then it's game over !
This USB scare is really not much different than the Windows autorun virus debacle of a few years back !