Pretty, shiny usb drive is all it takes to compromise security….



Sometimes you just want to cry… This writeup is an example of the “soft underbelly” of every network’s security plan… the users. Basically, you have a group that was hired to do a computer security audit of a credit union. They were told that some of the main concerns were social engineering (easy sharing of passwords among/from employees) and they were concerned about removable usb drives being used to copy data out of the credit union. So, they hatched an idea to try and make use of what they’d learned were the concerns. They prepared 20 usb keys with pictures and some “specially designed software” and scattered them in places where employees would find them… smoking areas, parking lot, etc.


The real kicker is that 15 of the drives were picked up AND plugged into pcs AND they apparently each clicked through the included files INCLUDING the specially crafted trojan, which then started reporting back usernames and passwords as they went to work. I guess in ancient times it was the trojan horse, but today it’s the trojan usb key?

It’s best to be suspicious of “things found”. Many companies have strict NO USB storage policies. If you’re concerned about disabling that, (for windows systems) you might reference this article on disabling usb discs in windows. What’s nice about this method is that you can disable JUST the usb storage devices (without affecting mice/keyboards/scanners) and any devices attached when you do this will still be usable (in case there are sanctioned usb storage devices.)

Of course, in most linux systems you can either disable the usb_storage driver or disable the ability of users mounting drives. There was some slashdot discussion about autorun with regards to usb, but from the article it doesn’t sound like they tried to do any “autorun” other than give something people might be interested to click on. (Files that look to be images). I can imagine that Windows default policy of hiding file extensions doesn’t help, although there are ways to do the above without executable files ending in .exe or com or scripts ending in bat or cmd… etc.

So what’s the advice? Test anything “discovered” on a “safe” (read NETWORK DISCONNECTED) system, treat it like you would imagine any dangerous package left outside might be treated, with great suspicion and caution.

Social Engineering is still the #1 security vulnerability.

Related Posts

Blog Traffic Exchange Related Posts
  • Serious Symantec Antivirus Vulnerability A few things to catch up on this afternoon, but first up is a Serious vulnerability in Symantec Antivirus. (It's always serious when security software has a vulnerability.) The securityfix is reporting that a vulnerability has been discovered in the way Symantec deals with rar archived files. A specially made......
  • Zero-day ( 0-day) Microsoft Word exploit There was some news on this last night at Incidents.org, today F-secure has some details as well on the trojan that's dropped in this circulating, exploit. It seems as though the initial attack was very targetted against a specific organization. Antivirus packages did not recognize the trojan that the exploit......
  • 5198 Security Vulnerabilities tracked by US-CERT in 2005 The headline probably says most all... 5198 vulnerabilities tracked by US-Cert in 2005. This comes from The SecurityFix. It's probably not every vulernability that was out in 2005, just those that US-CERT issued advisories for. The breakdown is 812 in Windows 2,328 in various Unix/Linux/Mac/BSD systems and 2,058 affecting multiple......
Blog Traffic Exchange Related Websites
  • An Overview Of What Mozy Has To Offer For business owners (and even homeowners) these days, it is important to make use of tools that provide backup services for their digital files. And such a need is what mozy was specifically developed for. Such a program offers great file backup and file storage solutions for both business as......
  • Ballena Isle Marina  Ballena Isle Marina is located in Alameda, CA Phone: 510.523.5528 View Larger Map Website: http://www.ballenaisle.com/ Available Slips: 515 Current Pricing: 22' - $170 per month. Rates go as high as $902 for 70' vessels. Please visit their website for more complete pricing information. What You Need to Know About Pricing:......
  • Prosper Greasemonkey Script for Firefox I finally downloaded and tried out Greasemonkey for Firefox extension the other day. I had heard of it before, but never installed it until recently. Greasemonkey is a Firefox extension that allows you to manipulate any web page you visit in Firefox. It uses JavaScript code that runs as if......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site