Penetration Testing mailing list archives
Re: Security with USB Devices
From: "J. Theriault" <administrator () maginetworks com>
Date: Thu, 04 Aug 2005 13:22:59 +0200
Kurt Buff wrote:
Ye Gods! Doesn't this make anyone even a little nervous? Autorun from a CD drive is bad enough, dontcha think? Being able to walk up to a machine and stick that in the port and autoinfect, or worse autocopy, seems to be a huge risk to me.
You need to be logged in as an Administrator to install hardware devices, by default, in Windows... And this kind of attack has been around for years (a small few-MB stick is overkill for a small script calling a local exploit and then running, say, pwdump2, and then bmail-ing the output to a remote mail server <total required size = about 50k>)...
J. Theriault administrator () maginetworks com ------------------------------------------------------------------------------ FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't Learn the hacker's secrets that compromise wireless LANs. Secure your WLAN by understanding these threats, available hacking tools and proven countermeasures. Defend your WLAN against man-in-the-Middle attacks and session hijacking, denial-of-service, rogue access points, identity thefts and MAC spoofing. Request your complimentary white paper at: http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801 -------------------------------------------------------------------------------
Current thread:
- Re: Security with USB Devices H D Moore (Aug 02)
- Re: Security with USB Devices Kurt Buff (Aug 03)
- Re: Security with USB Devices J. Theriault (Aug 04)
- Re: Security with USB Devices xyberpix (Aug 06)
- <Possible follow-ups>
- RE: Security with USB Devices Alan Davies (Aug 04)
- Re: Security with USB Devices Jeff Shawgo (Aug 05)
- Re: Security with USB Devices Thor (Hammer of God) (Aug 06)
- Re: Security with USB Devices soccer4net () netzero com (Aug 06)
- Re: Security with USB Devices Kurt Buff (Aug 03)