A pretty, shiny USB drive is all it takes to compromise security…



Sometimes you just want to cry… This writeup is an example of the “soft underbelly” of every network’s security plan… the users. Basically, you have a group that was hired to do a computer security audit of a credit union. They were told that the main concerns were social engineering (easy sharing of passwords among/from employees) and removable USB drives being used to copy data out of the credit union. So they hatched a plan built around those very concerns. They prepared 20 USB keys with pictures and some “specially designed software” and scattered them in places where employees would find them… smoking areas, the parking lot, etc.


The real kicker is that 15 of the drives were picked up AND plugged into PCs AND the finders apparently each clicked through the included files INCLUDING the specially crafted trojan, which then started reporting back usernames and passwords as they went to work. I guess in ancient times it was the Trojan horse, but today it’s the trojan USB key?

It’s best to be suspicious of “things found”. Many companies have strict NO USB storage policies. If you’re looking at disabling USB storage (on Windows systems), you might reference this article on disabling USB disks in Windows. What’s nice about this method is that you can disable JUST the USB storage devices (without affecting mice/keyboards/scanners), and any devices attached when you do this will still be usable (in case there are sanctioned USB storage devices).

Of course, on most Linux systems you can either disable the usb_storage driver or remove users’ ability to mount drives. There was some Slashdot discussion about autorun with regard to USB, but from the article it doesn’t sound like they tried any “autorun” beyond giving people something they might be interested in clicking on (files that look like images). I can imagine that Windows’ default policy of hiding file extensions doesn’t help, although there are ways to do the above without executable files ending in .exe or .com, or scripts ending in .bat or .cmd… etc.
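An added example (not from the original post or the article it discusses) of checking that the usb_storage driver really is disabled on a Linux host. It assumes the common modprobe.d convention of an `install usb-storage /bin/false` line and reports a bare `blacklist` line separately, since that only stops alias-based autoloading; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit whether the usb_storage kernel module is disabled.
# Paths are parameters so the check can also run against a copied config tree.

# usb_storage_policy [DIR] -> prints one of:
#   blocked         an "install ... /bin/false" (or /bin/true) override exists
#   blacklist-only  only a "blacklist" line exists; explicit modprobe still works
#   unrestricted    nothing in DIR restricts the module
usb_storage_policy() {
    dir=${1:-/etc/modprobe.d}
    policy=unrestricted
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # modprobe treats '-' and '_' in module names as the same character.
        if grep -Eq '^[[:space:]]*install[[:space:]]+usb[-_]storage[[:space:]]+(/usr)?/bin/(false|true)([[:space:]]|$)' "$f"; then
            policy=blocked
            break
        fi
        if grep -Eq '^[[:space:]]*blacklist[[:space:]]+usb[-_]storage([[:space:]]|$)' "$f"; then
            policy=blacklist-only
        fi
    done
    echo "$policy"
}

# usb_storage_loaded [FILE] -> exit status 0 if the module is loaded right now.
# A config change does not unload a module that is already in the kernel.
usb_storage_loaded() {
    grep -q '^usb_storage ' "${1:-/proc/modules}" 2>/dev/null
}

usb_storage_report() {
    echo "modprobe policy: $(usb_storage_policy "${1:-}")"
    if usb_storage_loaded "${2:-}"; then
        echo "module state:    loaded (unload it or reboot for the policy to apply)"
    else
        echo "module state:    not loaded"
    fi
}

# Run the audit against the live system only when asked to.
if [ "${1:-}" = "--audit" ]; then
    usb_storage_report
fi
```

Run it with `--audit` to check the live system; anything other than `blocked` plus `not loaded` means a plugged-in drive can still get a storage driver.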

So what’s the advice? Test anything “discovered” on a “safe” (read NETWORK DISCONNECTED) system. Treat it the way you’d imagine any dangerous package left outside being treated: with great suspicion and caution.

Social Engineering is still the #1 security vulnerability.
