From: Balaji Prasad (bp1974@comcast.net)
Date: Mon May 31 2004 - 18:09:01 EDT
USB by design is meant to autodetect and autorun. I think the security is
compromised when you connect untrusted devices to your computer.
I can think of atleast 1 service (terminal services) that allow you to run
processes with the screen locked. I presume "autorun" will work under a
locked screen.
A more generic solution would be to have all removable storage devices
mounted as "non-executable". It is trivially done in unix. Not sure how to
do this in Windows.
----- Original Message -----
From: "Jerry Shenk" <jshenk@decommunications.com>
To: <pen-test@securityfocus.com>
Sent: Thursday, May 27, 2004 7:06 PM
Subject: USB delivered attacks
> I recently inserted some guy's USB drive into a machine and was a but
> surprised when it went into an auto-run sequence. I think turning off
> auto-run is a REALLY good idea. On a USB drive, it seems like it could
> be really dangerous. Has anybody messed with this?
>
> One possible scenario:
> - Have a USB drive with a few tools on it.
> - Have an auto-run configured to run pwdump and dump the SAM to the USB
> drive
>
> It seems that this attack would work with a machine that was locked from
> the console. Does 'autorun' still work under a locked screen? With
> this USB drive being writeable, it would seem that some scripted attack
> to extract information from a machine could be amazingly fruitful....the
> possibilities are almost endless.
>
>
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:55 EDT