Full Disclosure mailing list archives
Re: Re: USB risks (continued)
From: Harlan Carvey <keydet89 () yahoo com>
Date: Sat, 19 Jun 2004 04:29:25 -0700 (PDT)
I agree, the use of USB-connected devices is nothing new. They make a very unobtrusive delivery system, as well as a great way to load vast amounts of data into an extremely small space to get information out of an organization. But you know something, that's not really the point. Yes, this is an old concern. It goes right up there w/ digital camera-enabled cell phones and variety of other security risks. I've been after one thing from the beginning...information. Evil Wrangler said that information should be free, but when I asked him some questions, all I got back was, "what...never heard of hacking??" In his 2600 article, EW stated that he plugged a USB device into a friend's computer, and the autorun.inf file was automatically parsed and commands within the "open=" line of that file were automatically run. According to documentation at MS, by default, this should not be possible. The NoDriveTypeAutorun key within the Registry allows CDs to run the autorun.inf file, but not removeable drive types, such as floppies and USB thumb drives. I have asked for specifics such as manufacturer and model number of the device used, specific information regarding drivers loaded, etc. After all, EW says that "information should be free", but I certainly don't see him freeing any information. If anyone has any information that can be used in repeatable experiments, I'd appreciate hearing from you. Thanks, Harlan _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- USB Auto run function martin paul (Jun 17)
- Re: USB Auto run function Harlan Carvey (Jun 17)
- Re: USB Auto run function Lan Guy (Jun 17)
- Re: USB Auto run function Aditya, ALD [ Aditya Lalit Deshmukh ] (Jun 17)
- <Possible follow-ups>
- Re: USB Auto run function Oscar Fajardo Sanchez (Jun 18)
- Re: USB Auto run function Harlan Carvey (Jun 18)
- USB risks (continued) Gadi Evron (Jun 18)
- Re: USB risks (continued) RSnake (Jun 19)
- Re: Re: USB risks (continued) Harlan Carvey (Jun 19)
- Re: Re: USB risks (continued) Jp Wise (Jun 19)
- Re: USB risks (continued) Kevin Davis (Jun 19)
- Re: USB risks (continued) Chris Withers (Jun 28)
- Re: Re: USB risks (continued) RSnake (Jun 28)
- Re: Re: USB risks (continued) Sam (Jun 28)
- Re: USB Auto run function Harlan Carvey (Jun 18)