Penetration Testing mailing list archives
Re: Security with USB Devices
From: Frederic Charpentier <fcharpen () xmcopartners com>
Date: Wed, 27 Jul 2005 10:33:25 +0200
Hi list ! The Usb drivers flaws : http://www.eweek.com/article2/0,1759,1840131,00.asp A commercial USB with autorun feature : http://www.udrw.com/ Fred. -- Frederic Charpentier - Xmco Partners Security Consulting / Pentest web : http://www.xmcopartners.com Michael Parker wrote:
There was recently (Monday of this week) a vulnerability disclosed with regards to a flaw in the USB driver that affected Windows systems (verified) and *nix systems (suspected). I don't have a directlink but it was on slashdot.Michael Parker, BA (Hon), GSEC, MBCS Information Security Coordinator Research In Motion Phone: 519.888.7465 Cell: 519.573.4782 mparker () rim com -----Original Message----- From: NewYork User <newyorkuser () gmail com> To: pen-test () securityfocus com <pen-test () securityfocus com> Sent: Tue Jul 26 10:51:40 2005 Subject: Security with USB DevicesList,Does any one know a good program to "autorun" from USB drive on a windows 2000 or an XP machine? I have tried the traditional Autorun.inf but didn't have any luck. I looked up in google but couldn't find any useful stuff. I saw some commercial programs to use for backup etc..But its not of any use if I want to prove my point that data can be vulnerable if use of USB drives is not restricted either by using a program or any kind of security control. I created a simple batch file to open up a Netcat listener. It is pretty common for the users lock their machines and leave their desks. I'm looking for any kind of scripts that can run a batch file automatically or can copy the data automatically. Any ideas? Thanks for your help. --------------------------------------------------------------------- This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.
-- Frederic Charpentier - Xmco Partners Security Consulting / Pentest web : http://www.xmcopartners.com
Current thread:
- Security with USB Devices NewYork User (Jul 26)
- Re: Security with USB Devices Terry Vernon (Jul 26)
- RE: Security with USB Devices Damien Lewis (Jul 26)
- Re: Security with USB Devices Anders Thulin (Jul 27)
- Re: Security with USB Devices Koolk3 (Jul 27)
- <Possible follow-ups>
- Re: Security with USB Devices Michael Parker (Jul 26)
- Re: Security with USB Devices Calum Power (Jul 26)
- Re: Security with USB Devices Frederic Charpentier (Jul 27)
- Re: Security with USB Devices NewYork User (Jul 29)
- Re: Security with USB Devices AdamT (Jul 27)
- RE: Security with USB Devices Todd Towles (Jul 27)
- RE: Security with USB Devices Michael Parker (Jul 27)