RE: USB delivered attacks

From: Yonatan Bokovza (Yonatan@xpert.com)
Date: Mon May 31 2004 - 10:52:26 EDT

• Next message: Al Smolkin: "RE: Wireless wep crackin on windows"
• Previous message: Jerry Shenk: "USB delivered attacks"
• Maybe in reply to: Jerry Shenk: "USB delivered attacks"
• Next in thread: Gadi Evron: "Re: USB delivered attacks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

> -----Original Message-----
> From: Jerry Shenk [mailto:jshenk@decommunications.com]
> Sent: Friday, May 28, 2004 05:06
> To: pen-test@securityfocus.com
> Subject: USB delivered attacks
>
>
> I recently inserted some guy's USB drive into a machine and was a but
> surprised when it went into an auto-run sequence. I think turning off
> auto-run is a REALLY good idea. On a USB drive, it seems
> like it could
> be really dangerous. Has anybody messed with this?

I used this attack with autorun on a CD-ROM.
This is why disabling autoruns should be a part of any hardening
process. It is also another good reason to keep physical security tight.

http://support.microsoft.com/support/kb/articles/Q155/2/17.ASP

Best Regards,

Yonatan Bokovza
IT Security Consultant
Xpert Systems

• Next message: Al Smolkin: "RE: Wireless wep crackin on windows"
• Previous message: Jerry Shenk: "USB delivered attacks"
• Maybe in reply to: Jerry Shenk: "USB delivered attacks"
• Next in thread: Gadi Evron: "Re: USB delivered attacks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:55 EDT