From: J. Theriault (administrator@maginetworks.com)
Date: Thu Aug 04 2005 - 07:22:59 EDT
Kurt Buff wrote:
> Ye Gods! Doesn't this make anyone even a little nervous? Autorun from a
> CD drive is bad enough, dontcha think? Being able to walk up to a
> machine and stick that in the port and autoinfect, or worse autocopy,
> seems to be a huge risk to me.
You need to be logged in as an Administrator to install hardware
devices, by default, in Windows... And this kind of attack has been
around for years (a small few-MB stick is overkill for a small script
calling a local exploit and then running, say, pwdump2, and then
bmail-ing the output to a remote mail server <total required size =
about 50k>)...
J. Theriault
administrator@maginetworks.com
------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't
Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:
http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:41 EDT