Re: Security with USB Devices

From: Michael Parker (mparker@rim.com)
Date: Tue Jul 26 2005 - 18:05:13 EDT

• Next message: Terry Vernon: "Re: Security with USB Devices"
• Previous message: Michael Sierchio: "Re: verify HTTPS 'vulnerabilities'"
• Maybe in reply to: NewYork User: "Security with USB Devices"
• Next in thread: Calum Power: "Re: Security with USB Devices"
• Reply: Calum Power: "Re: Security with USB Devices"
• Reply: Frederic Charpentier: "Re: Security with USB Devices"
• Reply: AdamT: "Re: Security with USB Devices"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

There was recently (Monday of this week) a vulnerability disclosed with regards to a flaw in the USB driver that affected Windows systems (verified) and *nix systems (suspected). I don't have a directlink but it was on slashdot.

Michael Parker, BA (Hon), GSEC, MBCS

Information Security Coordinator
Research In Motion

Phone: 519.888.7465
Cell: 519.573.4782
mparker@rim.com

-----Original Message-----
From: NewYork User <newyorkuser@gmail.com>
To: pen-test@securityfocus.com <pen-test@securityfocus.com>
Sent: Tue Jul 26 10:51:40 2005
Subject: Security with USB Devices

List,

Does any one know a good program to "autorun" from USB drive on a
windows 2000 or an XP machine? I have tried the traditional
Autorun.inf but didn't have any luck. I looked up in google but
couldn't find any useful stuff. I saw some commercial programs to use
for backup etc..But its not of any use if I want to prove my point
that data can be vulnerable if use of USB drives is not restricted
either by using a program or any kind of security control. I created a
simple batch file to open up a Netcat listener. It is pretty common
for the users lock their machines and leave their desks. I'm looking
for any kind of scripts that can run a batch file automatically or can
copy the data automatically. Any ideas?

Thanks for your help.

---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.

• Next message: Terry Vernon: "Re: Security with USB Devices"
• Previous message: Michael Sierchio: "Re: verify HTTPS 'vulnerabilities'"
• Maybe in reply to: NewYork User: "Security with USB Devices"
• Next in thread: Calum Power: "Re: Security with USB Devices"
• Reply: Calum Power: "Re: Security with USB Devices"
• Reply: Frederic Charpentier: "Re: Security with USB Devices"
• Reply: AdamT: "Re: Security with USB Devices"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:38 EDT