USB security vulnerability



Just read this over at eweek…. USB devices can post a security risk.

There’s an “age old” adage in computer security (well – as far as computer security it’s old…) You can control a machine if you have physical access to it. This is yet another example. Essentially it sounds as though an attacker can gain administrative access by inserting a specially “programmed” usb key which can cause a buffer overflow in the USB device driver.

From the article “demonstrating a USB storage device that is programmed to automatically copy recently accessed files when inserted into a Windows PC.” This could be very bad news in certain environments. No need to site trying to break into the system, just plug it in and the recently access files are copied over. This is “hollywood movie style hacking/cracking” it wouldn’t seem to get much easier.

If you’re concerned about this kind of data theft, there are options though. Devicelock is one. Safend’s USB port protector is another. It is still worth making sure to restrict unauthorized access to “valuable”, data rich machines. Products like Devicelock and Safend’s protectors can slow down and make more complicated data theft, or tampering with a system, but it cannot be prevented. Give an individual enough time with physical access to a machine and they will get in.

Related Posts

Blog Traffic Exchange Related Posts
  • Microsoft's quick response to network worms.... This is an ironic title because frankly, Microsoft has seemed to be slow in solutions for the recent zotob worm. Of course, they announced the vulnerability and accompanying update to solve the issue to begin with, but after the virus started propagating what do we see from Microsoft? They have......
  • List of Open Source software Packages The following is long, but likely not complete. This is a list of open-source software packages: Computer software licensed under an open-source license. Software that fits the Free software definition may be more appropriately called free software; the GNU project in particular objects to their works being referred to as......
  • How to Remove System Fighter | SystemFighter Removal Guide System Fighter is a rogue antivirus application. It is the latest variation in the relentless wini family of rogues. (The last of these was systemveteran (systemveteran removal guide.) Rogue antivirus applications usually install through a popup website that appears to be scanning your computer for viruses (and finding them). This......
Blog Traffic Exchange Related Websites
  • Hackers Are At Work Both Online And Offline The overall focus of data security SMEs and even private parties when it comes to protection of their private information is on the virtual world, not the real world. But there are plenty of instances of hackers both online and offline to successfully intrude into an institution, government, company or......
  • D-Link Announced 2 new 2-Bay Network Storage Devices Two new Network Storage Devices from D-Link D-Link today announced that its ShareCenter® 2-Bay Network Storage devices, the DNS-320 and DNS-325, are now available. Building off of the successful DNS-321 and DNS-323, the new DNS-320 and DNS-325 provide centralized storage, enabling consumers to easily share documents, files and digital media......
  • Ten Steps To Become a Linux/Unix Geek Until recently, Linux/Unix was considered OS of the geeks. However, with GUI and more desktop Linux distributions, things have simplified on both Linux and Unix. Still you can geek out with Unix/Linux using its terminal. Just follow the steps below to master the terminal. 1. Never used Linux! Get Ubuntu......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site