Penetration Testing mailing list archives
RE: Security with USB Devices
From: "Michael Parker" <mparker () rim com>
Date: Wed, 27 Jul 2005 11:45:12 -0400
Remember though that if you have physical access to this machine, it's already in a seriously compromised position. If you are going to limit the USB drive, you also need to secure the floppy drive (if still present) and the cd/dvd drive. -----Original Message----- From: AdamT [mailto:adwulf () gmail com] Sent: Wednesday, July 27, 2005 10:57 AM To: pen-test () securityfocus com Subject: Re: Security with USB Devices On 7/26/05, Michael Parker <mparker () rim com> wrote:
There was recently (Monday of this week) a vulnerability disclosed
with regards to a flaw in the USB driver that affected Windows systems (verified) and *nix systems (suspected). I don't have a directlink but it was on slashdot.
The slashdot article is at: http://hardware.slashdot.org/article.pl?sid=05/07/24/069210&from=rss The original article (TFA in slashdot parlance) is at: http://www.eweek.com/article2/0,1895,1840141,00.asp The vulnerability might be around for a while: from TFA: "I was really looking to them to address this issue, but Microsoft feels that this is a hardware issue and doesn't see it as a problem," he said. Also - if you're trying to get autorun.inf on a mass storage device, remember that the file called in autorun.inf has to be a .exe or it won't work. -- AdamT "Maidenhead is *not* in Kent" --------------------------------------------------------------------- This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.
Current thread:
- Re: Security with USB Devices, (continued)
- Re: Security with USB Devices Terry Vernon (Jul 26)
- RE: Security with USB Devices Damien Lewis (Jul 26)
- Re: Security with USB Devices Anders Thulin (Jul 27)
- Re: Security with USB Devices Koolk3 (Jul 27)
- Re: Security with USB Devices Michael Parker (Jul 26)
- Re: Security with USB Devices Calum Power (Jul 26)
- Re: Security with USB Devices Frederic Charpentier (Jul 27)
- Re: Security with USB Devices NewYork User (Jul 29)
- Re: Security with USB Devices AdamT (Jul 27)
- RE: Security with USB Devices Todd Towles (Jul 27)
- RE: Security with USB Devices Michael Parker (Jul 27)