Penetration Testing mailing list archives
RE: USB delivered attacks
From: "Yonatan Bokovza" <Yonatan () xpert com>
Date: Mon, 31 May 2004 17:52:26 +0300
-----Original Message----- From: Jerry Shenk [mailto:jshenk () decommunications com] Sent: Friday, May 28, 2004 05:06 To: pen-test () securityfocus com Subject: USB delivered attacks I recently inserted some guy's USB drive into a machine and was a but surprised when it went into an auto-run sequence. I think turning off auto-run is a REALLY good idea. On a USB drive, it seems like it could be really dangerous. Has anybody messed with this?
I used this attack with autorun on a CD-ROM. This is why disabling autoruns should be a part of any hardening process. It is also another good reason to keep physical security tight. http://support.microsoft.com/support/kb/articles/Q155/2/17.ASP Best Regards, Yonatan Bokovza IT Security Consultant Xpert Systems
Current thread:
- RE: USB delivered attacks Yonatan Bokovza (May 31)