Full Disclosure mailing list archives
Re: USB Auto run function
From: Ron DuFresne <dufresne () winternet com>
Date: Fri, 18 Jun 2004 11:49:20 -0500 (CDT)
And boild down to pretty much this;; This is old news though, security 101 kind of stuff. Just because a new toy comes out does not imply it should not play by the rules of the other toys in the chest. If this is found in an audit then the company that hired you has real policy issues for you to outline to them and they will then need to address. Thanks, Ron DuFresne On Fri, 18 Jun 2004, Oscar Fajardo Sanchez wrote:
This issue has been discused in pentest list. Take a look at: http://archives.neohapsis.com/archives/sf/pentest/2004-05/0136.html Regards. ----- Original Message ----- From: "Aditya, ALD [ Aditya Lalit Deshmukh ]" <aditya.deshmukh () online gateway technolabs net> Date: Friday, June 18, 2004 10:36 am Subject: Re: [Full-disclosure] USB Auto run functionI have been interested in a potential exploit that may or maynot be anissue, I read lately that a potential malicious file could entera systemvia a USB Memory stick with a structured autorun.pif , and thisfile wouldoperate even if the screen lock is activated .this is true only for cdroms where the autorun has been enabled, winxp does scan for the removable drives but does not run the program based on the autorun but the type of files on the reemovable drive -aditya ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ éb½êÞvë"axZÞx÷«²ÚGb¶*'¡ó[kj¯ðÃæj)mªÿrÿ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html----------------------------------------------------------------- This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, the Atos Origin group liability cannot be triggered for the message content. Although the sender endeavours to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. "Este mensaje y los ficheros adjuntos pueden contener información confidencial destinada solamente a la(s) persona(s) mencionadas anteriormente. Pueden estar protegidos por secreto profesional Si usted recibe este correo electrónico por error, gracias de informar inmediatamente al remitente y destruir el mensaje. Al no estar asegurada la integridad de este mensaje sobre la red, Atos Origin no se hace responsable por su contenido. Su contenido no constituye ningún compromiso para el grupo Atos Origin, salvo ratificación escrita por ambas partes. "Aunque se esfuerza al máximo por mantener su red libre de virus, el emisor no puede garantizar nada al respecto y no será responsable de cualesquiera daños que puedan resultar de una transmisión de virus" ------------------------------------------------------------------ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: USB Auto run function, (continued)
- Re: USB Auto run function Oscar Fajardo Sanchez (Jun 18)
- Re: USB Auto run function Harlan Carvey (Jun 18)
- USB risks (continued) Gadi Evron (Jun 18)
- Re: USB risks (continued) RSnake (Jun 19)
- Re: Re: USB risks (continued) Harlan Carvey (Jun 19)
- Re: Re: USB risks (continued) Jp Wise (Jun 19)
- Re: USB risks (continued) Kevin Davis (Jun 19)
- Re: USB risks (continued) Chris Withers (Jun 28)
- Re: Re: USB risks (continued) RSnake (Jun 28)
- Re: Re: USB risks (continued) Sam (Jun 28)
- Re: USB Auto run function Harlan Carvey (Jun 18)
- Re: USB Auto run function Oscar Fajardo Sanchez (Jun 18)