Penetration Testing mailing list archives
Re: Security with USB Devices
From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Fri, 5 Aug 2005 10:40:20 -0700
The same goes for USB drivers (and printer drivers). If it's in the default Windows driver.cab (I belive) then you're golden. When you add a new device to a machine, sometimes you need to provide a driver, and sometimes you don't. That's why.
Further, regular users in a domain can add new printer drivers by default though you can easily prevent this with group policy. I brought this up several years ago in regard to delivering a kernel mode rootkit via a printer driver by a non-admin user, but I've not seen anyone code it up yet.
t
------------------------------------------------------------------------------ FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't Learn the hacker's secrets that compromise wireless LANs. Secure your WLAN by understanding these threats, available hacking tools and proven countermeasures. Defend your WLAN against man-in-the-Middle attacks and session hijacking, denial-of-service, rogue access points, identity thefts and MAC spoofing. Request your complimentary white paper at: http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801 -------------------------------------------------------------------------------
Current thread:
- Re: Security with USB Devices H D Moore (Aug 02)
- Re: Security with USB Devices Kurt Buff (Aug 03)
- Re: Security with USB Devices J. Theriault (Aug 04)
- Re: Security with USB Devices xyberpix (Aug 06)
- <Possible follow-ups>
- RE: Security with USB Devices Alan Davies (Aug 04)
- Re: Security with USB Devices Jeff Shawgo (Aug 05)
- Re: Security with USB Devices Thor (Hammer of God) (Aug 06)
- Re: Security with USB Devices soccer4net () netzero com (Aug 06)
- Re: Security with USB Devices Kurt Buff (Aug 03)