Re: USB delivered attacks

From: Kurt Seifried (bt@seifried.org)
Date: Fri Jun 04 2004 - 17:13:36 EDT


Several things come to mind:

Autorun - easy, just plug and play so to speak.

Bootable USB device - USB keys are smaller than CDs, but you may have to
diddle the BIOS (assuming it supports booting from USB, most anything recent
will, there was an article about Ford and Dell making this the default for
Ford to make maintenance easier).

Web page or XSS attack, plug a USB key into a user's machine, chances are
they won't physically notice if it's around the back, then send them an
email, the program/etc should run in the local security zone/my computer
security zone context. Poor man's KeyGhost perhaps?

There was a good review of USB keys, including which ones are bootable at:

http://arstechnica.com/reviews/004/flash/flash-1.html

Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/


