From: Melissa (missy.augustine@gmail.com)
Date: Mon Feb 26 2007 - 22:38:33 EST
Might not be the exact article, but its strange as I just cited it for a
paper this morning :)
http://www.darkreading.com/document.asp?doc_id=95556&WT.svl=column1_1
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of crazy frog crazy frog
Sent: Sunday, February 25, 2007 8:47 AM
To: Liam Downward
Cc: toggmeister@vulnerabilityassessment.co.uk; pen-test@securityfocus.com
Subject: Re: Penetration Testing Framework 0.24 released
yeah,i read about this attack somewhere.
On 2/25/07, Liam Downward <ldownward@pervasivesolutions.net> wrote:
> A possible addition for Social Engineering is to gain entrance to a
> network via "Human curiosity" with the use of USB thumb drives that can
> be of any size (64mb, 512mb etc), that can be strategically dropped in
> employee area's like, kitchens, parking lots, and or doctor lounges
> etc...
>
> The USB thumb drive contains a simple application that is hidden and it
> can capture simple information of the network or you can have the
> application install a keylogger to capture usernames/passwords etc... to
> show the company in question how simple it is to gather information
> about the network for an attack or to turn machines into bots
>
> The application is initiated when an employee has found a USB thumb
> drive and their curiosity gets the better of them. Then they plug the
> USB thumb drive into their workstation or laptop to see what is on the
> USB thumb drive. This is when the hidden application on the USB thumb
> drive is executed via two methods:
>
> 1. If the machine in which the USB thumb drive is plugged into has
> AutoRun enabled the app will execute.
> 2. If AutoRun is not enabled then there is shortcuts on the USB thumb
> drive to entice the employee to click, which will execute the hidden
> application. Below are some examples of embedded shortcuts:
>
> Resume.doc
> Company Payscale.xls
> Johnny Cash (I Walk the Line).mp3
>
> The application will encrypt the information captured and email to the
> testers for review, then the application along with the embedded
> shortcuts will delete themselves from the USB thumb drive.
>
>
> Liam Downward
>
> -----Original Message-----
> From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
> On Behalf Of crazy frog crazy frog
> Sent: Saturday, February 24, 2007 9:58 AM
> To: toggmeister@vulnerabilityassessment.co.uk
> Cc: pen-test@securityfocus.com
> Subject: Re: Penetration Testing Framework 0.24 released
>
> good work :)
>
> On 23 Feb 2007 11:43:22 -0000,
> toggmeister@vulnerabilityassessment.co.uk
> <toggmeister@vulnerabilityassessment.co.uk> wrote:
> > Hi all,
> > The latest version of the Penetration Test Framework has been
> released and can be found at:
> >
> > http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
> >
> > (Pdf version also available)
> >
> > Any additions/ suggestions would be gratefully received.
> >
> > The next release 0.25 should include a Wireless Pen Test add-on, with
> the assistance from the guys at http://www.wirelessdefence.org and
> hopefully a much extended cisco section that Lee is busy putting
> together.
> >
> > Rgds
> >
> > Toggmeister a.k.a Kev Orrey
> > http://www.vulnerabilityassessment.co.uk
> >
> > ----------------------------------------------------------------------
> > --
> > This List Sponsored by: Cenzic
> >
> > Need to secure your web apps?
> > Cenzic Hailstorm finds vulnerabilities fast.
> > Click the link to buy it, try it or download Hailstorm for FREE.
> >
> > http://www.cenzic.com/products_services/download_hailstorm.php?camp=70
> > 1600000008bOW
> > ----------------------------------------------------------------------
> > --
> >
> >
>
>
> --
> ---------------------------------------
> http://www.secgeeks.com
> get a blog on secgeeks :)
> register here:-
> http://secgeeks.com/user/register
> rss feeds :-
> http://secgeeks.com/node/feed
> Submit you security articles,send them to secgeek@secgeeks.com
>
> http://www.newskicks.com
> Submit and kick for new stories from all around the world.
> ---------------------------------------
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
>
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016
> 00000008bOW
> ------------------------------------------------------------------------
>
>
-- --------------------------------------- http://www.secgeeks.com get a blog on secgeeks :) register here:- http://secgeeks.com/user/register rss feeds :- http://secgeeks.com/node/feed Submit you security articles,send them to secgeek@secgeeks.com http://www.newskicks.com Submit and kick for new stories from all around the world. --------------------------------------- ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=70160000 0008bOW ------------------------------------------------------------------------ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:36 EDT