Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: USB delivered attacks

From: "Yonatan Bokovza" <Yonatan () xpert com>
Date: Mon, 31 May 2004 17:52:26 +0300
-----Original Message-----
From: Jerry Shenk [mailto:jshenk () decommunications com]
Sent: Friday, May 28, 2004 05:06
To: pen-test () securityfocus com
Subject: USB delivered attacks


I recently inserted some guy's USB drive into a machine and was a but
surprised when it went into an auto-run sequence.  I think turning off
auto-run is a REALLY good idea.  On a USB drive, it seems 
like it could
be really dangerous.  Has anybody messed with this?


I used this attack with autorun on a CD-ROM.
This is why disabling autoruns should be a part of any hardening
process. It is also another good reason to keep physical security tight.

http://support.microsoft.com/support/kb/articles/Q155/2/17.ASP

Best Regards, 

Yonatan Bokovza
IT Security Consultant
Xpert Systems
Previous By Date Next
Previous By Thread Next

Current thread: