Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: USB delivered attacks

From: Gadi Evron <ge () linuxbox org>
Date: Tue, 01 Jun 2004 19:19:45 +0200
Steven A. Fletcher wrote:


Recently, I heard someone mention and interesting way to get people to
insert such a CD.  He said that he would leave a CD lying around in the
bathroom that was labeled something like "Quarter 4 Raises" or "Quarter
4 Layoffs".  Of course, this tempted people and someone would eventually
pick up the CD and put it in their computer.

In some ways, I'm sort of disappointed to hear that locking the screen
prevents autorun from happening.  That would have been an interesting
way to show people just how insecure their computers really are.  :)

Steve
A very old boss of mine tried the same thing, only with floppies. He made call-home floppies and left them lying around in weird places.
Every single one of the floppies were inserted and the executable was run (if memory serves). 

        Gadi Evron.

--
Email: ge () linuxbox org.  Work: gadie () cbs gov il. Backup: ge () warp mx dk.
Phone: +972-50-428610 (Cell).

PGP key for attachments: http://vapid.reprehensible.net/~ge/Gadi_Evron.asc
ID: 0xD9216A06 FP: 5BB0 D3E2 D3C1 19B7 2104  C0D0 A7B3 1CF7 D921 6A06
GPG key for encrypted email: http://vapid.reprehensible.net/~ge/Gadi_Evron_Emails.asc 
ID: 0x06C7D450 FP: 3B88 845A DF1F 4062 E5BA  569A A87E 8DB7 06C7 D450
Previous By Date Next
Previous By Thread Next

Current thread: