Penetration Testing mailing list archives

Re: USB delivered attacks


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Fri, 4 Jun 2004 15:22:25 -0400 (EDT)

On 3 Jun 2004 mak_pen () hotmail com wrote:

In-Reply-To: <40BCBB44.7050202 () linuxbox org>

The mere fact that it's USB has nothing to do with the attack itself. What is to blame is that autorun is enabled by 
default on Windows XP. That is why the attack works. USB makes it convenient to stick the memory stick in any 
computer and have the user just open the memory stick and the attack works and no antivirus or anything detects this 
till now.

In short, 
USB = convenience
autorun = culprit (so to speak)


The moderator is unkind to me, but once again, let me try to state:

This is old news though, security 101 kind of stuff.  Just because a new
toy comes out does not imply it should not play by the rules of the other
toys in the chest. If this is found in an audit then the company that
hired you has real policy issues for you to outline to them and they will
then need to address.

Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!
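
For an audit that has to turn the autorun point in this thread into a finding, the following added example (not part of either poster's message) decodes the Windows `NoDriveTypeAutoRun` policy value from captured `reg query` output for `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer` and lists the drive types on which autorun is still enabled. The host names, the sample output and the pass criterion (removable-drive bit set) are assumptions made for the example.

```python
import re

# Bit flags of the NoDriveTypeAutoRun policy value; a set bit DISABLES autorun
# for that drive type (names follow the Win32 GetDriveType constants).
DRIVE_BITS = {
    0x01: "unknown",
    0x02: "no_root_dir",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "reserved",
}

VALUE_RE = re.compile(r"NoDriveTypeAutoRun\s+REG_DWORD\s+(0x[0-9a-fA-F]+)")

def autorun_enabled_types(mask):
    """Return the drive types whose bit is clear, i.e. autorun still enabled."""
    return [name for bit, name in DRIVE_BITS.items() if not mask & bit]

def audit(reg_output):
    """Classify one host's `reg query` text for the policy value."""
    m = VALUE_RE.search(reg_output)
    if m is None:
        # Value absent: no policy is configured, so the OS default applies.
        return {"status": "not_set", "enabled": None}
    enabled = autorun_enabled_types(int(m.group(1), 16))
    # Assumed criterion for this example: removable media must be disabled.
    status = "fail" if "removable" in enabled else "pass"
    return {"status": status, "enabled": enabled}

# Constructed sample collection: host name -> captured `reg query` output.
SAMPLES = {
    "ws-01": "    NoDriveTypeAutoRun    REG_DWORD    0x91\n",
    "ws-02": "    NoDriveTypeAutoRun    REG_DWORD    0xff\n",
    "ws-03": "ERROR: The system was unable to find the specified registry key or value.\n",
}

def report(samples):
    """Audit every host in the collection."""
    return {host: audit(text) for host, text in samples.items()}

if __name__ == "__main__":
    for host, result in sorted(report(SAMPLES).items()):
        print(host, result["status"], result["enabled"])
```

A `not_set` result is reported separately from `fail` because it means the machine is running on whatever default its Windows version ships with, which is the policy gap the reply above describes.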

