Re: USB Storage Devices

["Tupker, Mike" <mtupker () MTMERCY EDU>]

I know usb information stealers, or usb switchblades as I've heard them called, have been around for a while. Or are 
you referring to something else? Could you post a link to the article?

There isn't really much that we can do about regulating USB devices since college students tend to use them for storing 
all their important homework documents. Our anti-malware software seems to be able to stop most of the information 
stealers though. We also configure our lab group policy not store passwords, web history, etc... That way if someone 
does manage to get one of those apps to run, there isn't much on the PC to harvest. Those combined have worked pretty 
well for us.

I'd also be interested in hearing what other people are doing to combat this particular sort of thing.

Mike Tupker
Systems Administrator
Mount Mercy College
Office: (319) 363-1323 x1401
Mobile: (319) 538-1644
If you need assistance with an computer issue please contact the helpdesk at x4357 or http://help.mtmercy.edu.


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Douglas 
Gale
Sent: Wednesday, December 03, 2008 12:48 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] USB Storage Devices

CERT recently issued a warning about malicious code propagating via USB flash drive devices and the Defense Department 
suspended “usage of all USB storage media until the USB devices are properly scanned and determined to be free of 
malware,"

Have any campuses experienced problems or developed any policies or procedures regarding the use of USB storage devices?

Doug Gale