Penetration Testing mailing list archives

Re: Security with USB Devices

From: AdamT <adwulf () gmail com>
Date: Wed, 27 Jul 2005 15:56:37 +0100

On 7/26/05, Michael Parker <mparker () rim com> wrote:

There was recently (Monday of this week) a vulnerability disclosed with regards to a flaw in the USB driver that 
affected Windows systems (verified) and *nix systems (suspected). I don't have a directlink but it was on slashdot.

The slashdot article is at:
http://hardware.slashdot.org/article.pl?sid=05/07/24/069210&from=rss

The original article (TFA in slashdot parlance) is at:
http://www.eweek.com/article2/0,1895,1840141,00.asp

The vulnerability might be around for a while:
from TFA:
"I was really looking to them to address this issue, but Microsoft
feels that this is a hardware issue and doesn't see it as a problem,"
he said.

Also - if you're trying to get autorun.inf on a mass storage device,
remember that the file called in autorun.inf has to be a .exe or it
won't work.

-- 
AdamT
"Maidenhead is *not* in Kent"

Current thread:

Security with USB Devices NewYork User (Jul 26)
- Re: Security with USB Devices Terry Vernon (Jul 26)
- RE: Security with USB Devices Damien Lewis (Jul 26)
- Re: Security with USB Devices Anders Thulin (Jul 27)
- Re: Security with USB Devices Koolk3 (Jul 27)
- <Possible follow-ups>
- Re: Security with USB Devices Michael Parker (Jul 26)
  - Re: Security with USB Devices Calum Power (Jul 26)
  - Re: Security with USB Devices Frederic Charpentier (Jul 27)
    - Re: Security with USB Devices NewYork User (Jul 29)
  - Re: Security with USB Devices AdamT (Jul 27)
- RE: Security with USB Devices Todd Towles (Jul 27)
- RE: Security with USB Devices Michael Parker (Jul 27)