Full Disclosure mailing list archives
Re: Re: USB risks (continued)
From: RSnake <rsnake () shocking com>
Date: Mon, 28 Jun 2004 09:03:12 -0700 (PDT)
Of course it's not. That's just Microsoft's explination. There's no good reason, just a vague distinction. My only point is that it isn't a reliable attack vector, unlike an onboard CDROMs (the media, not the device must be removable). Here is how Microsoft defines it on their usbfaq page (sorry, the links are broken, I just cut and pasted from http://www.microsoft.com/whdc/device/storage/usbfaq.mspx): Q: What must I do to trigger Autorun on my USB storage device? If you need to make a USB storage device that executes Autorun, the following two conditions must both be true: . Media must be marked as removable. . The device can be set to either static or removable. We associate the "removable" nature of a device with the bus that it resides on. This means that a disk on an Integrated Device Electronics (IDE) or SCSI bus would be considered fixed, whereas a disk on a USB or IEEE 1394 bus would be regarded as removable by default. PnP uses a bit in the DEVICE_CAPABILITIES structure to determine this. For more information, see the DEVICE_CAPABILITIES Plug and Play Structure in the Windows DDK, located at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/kmarch/hh/kmarch/k112_22r6.asp. The "removable" nature of media is a property of the device. For example, in the case of a CD-ROM or a ZIP drive, the medium can be removed without the device itself going away, but on the other hand the medium and the disk cannot be separated on static storage PC cards. We obtain this information by using the StorageDeviceProperty request. For more information, see the STORAGE_DEVICE_DESCRIPTOR Storage Structure in the Windows DDK, located at http://msdn.microsoft.com/library/en-us/storage/hh/storage/k306_00qa.asp. On Mon, 28 Jun 2004, Chris Withers wrote: | Date: Mon, 28 Jun 2004 11:59:11 +0100 | From: Chris Withers <chris () simplistix co uk> | To: RSnake <rsnake () shocking com> | Cc: Gadi Evron <ge () egotistical reprehensible net>, | Harlan Carvey <keydet89 () yahoo com>, full-disclosure () lists netsys com, | bugtraq () securityfocus com | Subject: [Full-disclosure] Re: USB risks (continued) | | RSnake wrote: | > writeable, but the drives aren't removeable on CDs. That of course isn't true | > if you have a USB drive, but I think part of the deal there is that you need to | > install special drivers to even read USB CD drives. | | ...that's not true ;-) | | Chris | | -- | Simplistix - Content Management, Zope & Python Consulting | - http://www.simplistix.co.uk | | _______________________________________________ | Full-Disclosure - We believe in it. | Charter: http://lists.netsys.com/full-disclosure-charter.html | -R The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is expressly prohibited and may be unlawful. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: USB Auto run function, (continued)
- Re: USB Auto run function Lan Guy (Jun 17)
- Re: USB Auto run function Aditya, ALD [ Aditya Lalit Deshmukh ] (Jun 17)
- Re: USB Auto run function Oscar Fajardo Sanchez (Jun 18)
- Re: USB Auto run function Harlan Carvey (Jun 18)
- USB risks (continued) Gadi Evron (Jun 18)
- Re: USB risks (continued) RSnake (Jun 19)
- Re: Re: USB risks (continued) Harlan Carvey (Jun 19)
- Re: Re: USB risks (continued) Jp Wise (Jun 19)
- Re: USB risks (continued) Kevin Davis (Jun 19)
- Re: USB risks (continued) Chris Withers (Jun 28)
- Re: Re: USB risks (continued) RSnake (Jun 28)
- Re: Re: USB risks (continued) Sam (Jun 28)
- Re: USB Auto run function Harlan Carvey (Jun 18)