USB delivered attacks

From: Jerry Shenk (jshenk@decommunications.com)
Date: Thu May 27 2004 - 22:06:00 EDT

• Next message: Yonatan Bokovza: "RE: USB delivered attacks"
• Previous message: Al Smolkin: "RE: Wireless wep crackin on windows"
• In reply to: Alfred Huger: "List Closure From May 28 - May 30"
• Next in thread: Yonatan Bokovza: "RE: USB delivered attacks"
• Maybe reply: Yonatan Bokovza: "RE: USB delivered attacks"
• Reply: Gadi Evron: "Re: USB delivered attacks"
• Reply: Balaji Prasad: "Re: USB delivered attacks"
• Maybe reply: Steven A. Fletcher: "RE: USB delivered attacks"
• Maybe reply: Steven A. Fletcher: "RE: USB delivered attacks"
• Reply: H D Moore: "Re: USB delivered attacks"
• Maybe reply: Fred Gravel: "Re: USB delivered attacks"
• Maybe reply: mak_pen@hotmail.com: "Re: USB delivered attacks"
• Maybe reply: randori _/_: "Re: USB delivered attacks"
• Maybe reply: Peter Harmsen: "Re:USB delivered attacks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I recently inserted some guy's USB drive into a machine and was a but
surprised when it went into an auto-run sequence. I think turning off
auto-run is a REALLY good idea. On a USB drive, it seems like it could
be really dangerous. Has anybody messed with this?

One possible scenario:
- Have a USB drive with a few tools on it.
- Have an auto-run configured to run pwdump and dump the SAM to the USB
drive

It seems that this attack would work with a machine that was locked from
the console. Does 'autorun' still work under a locked screen? With
this USB drive being writeable, it would seem that some scripted attack
to extract information from a machine could be amazingly fruitful....the
possibilities are almost endless.

• Next message: Yonatan Bokovza: "RE: USB delivered attacks"
• Previous message: Al Smolkin: "RE: Wireless wep crackin on windows"
• In reply to: Alfred Huger: "List Closure From May 28 - May 30"
• Next in thread: Yonatan Bokovza: "RE: USB delivered attacks"
• Maybe reply: Yonatan Bokovza: "RE: USB delivered attacks"
• Reply: Gadi Evron: "Re: USB delivered attacks"
• Reply: Balaji Prasad: "Re: USB delivered attacks"
• Maybe reply: Steven A. Fletcher: "RE: USB delivered attacks"
• Maybe reply: Steven A. Fletcher: "RE: USB delivered attacks"
• Reply: H D Moore: "Re: USB delivered attacks"
• Maybe reply: Fred Gravel: "Re: USB delivered attacks"
• Maybe reply: mak_pen@hotmail.com: "Re: USB delivered attacks"
• Maybe reply: randori _/_: "Re: USB delivered attacks"
• Maybe reply: Peter Harmsen: "Re:USB delivered attacks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:55 EDT