USB delivered attacks

["Jerry Shenk" <jshenk () decommunications com>]

I recently inserted some guy's USB drive into a machine and was a but
surprised when it went into an auto-run sequence.  I think turning off
auto-run is a REALLY good idea.  On a USB drive, it seems like it could
be really dangerous.  Has anybody messed with this?

One possible scenario:
- Have a USB drive with a few tools on it.
- Have an auto-run configured to run pwdump and dump the SAM to the USB
drive

It seems that this attack would work with a machine that was locked from
the console.  Does 'autorun' still work under a locked screen?  With
this USB drive being writeable, it would seem that some scripted attack
to extract information from a machine could be amazingly fruitful....the
possibilities are almost endless.