RE: Hidden Copying Software

["Steve Armstrong" <stevearmstrong () logicallysecure com>]

Rocky

It depends on the network.  If the LAN is configured with no security
(an University ones often are), he may have had his USB drive mounted
shared across the LAN almost automatically.  

Alternatively, if it was a targeted attack, a student may have obtained
admin rights on the LAN and then waited for the Prof to connect the USB
drive.  Once connected the admin-student could copy the contents
anywhere.

I used to have a script I ran once I connected a USB drive to my
machine, it 'backed-up' the contents of the drive to a 'temp' folder on
my system.  I used it to sync files and other things.  They are not hard
to write and on USB v2 very fast - even on big drives.


Steve A
 

-----Original Message-----
From: Rocky [mailto:pixscreenpoint () gmail com] 
Sent: 24 July 2006 14:20
To: pen-test () securityfocus com
Subject: Hidden Copying Software

Hi list,

A friend of mine who is a medical professor asked me if it is possible
to copy his usb thumb drive from their class room pc without knowing it?
he told me maybe there's a hidden software that copying it in the
background?

His exam from his usb thumbdrive was exposed all over to his student.I
told him that you need a very high tech software or expensive to do it?
Is any such software capable of this? this some kind of impossible task
in my views.

Thanks.

------------------------------------------------------------------------
------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the
Analyst's Choice Award from eWeek. As attacks through web applications
continue to rise, you need to proactively protect your applications from
hackers. Cenzic has the most comprehensive solutions to meet your
application security penetration testing and vulnerability management
needs. You have an option to go with a managed service (Cenzic
ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download
FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm
your results from other product. Contact us at request () cenzic com for
details.
------------------------------------------------------------------------
------



------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------