Pretty, shiny usb drive is all it takes to compromise security….



Sometimes you just want to cry… This writeup is an example of the “soft underbelly” of every network’s security plan… the users. Basically, you have a group that was hired to do a computer security audit of a credit union. They were told that some of the main concerns were social engineering (easy sharing of passwords among/from employees) and they were concerned about removable usb drives being used to copy data out of the credit union. So, they hatched an idea to try and make use of what they’d learned were the concerns. They prepared 20 usb keys with pictures and some “specially designed software” and scattered them in places where employees would find them… smoking areas, parking lot, etc.


The real kicker is that 15 of the drives were picked up AND plugged into pcs AND they apparently each clicked through the included files INCLUDING the specially crafted trojan, which then started reporting back usernames and passwords as they went to work. I guess in ancient times it was the trojan horse, but today it’s the trojan usb key?

It’s best to be suspicious of “things found”. Many companies have strict NO USB storage policies. If you’re concerned about disabling that, (for windows systems) you might reference this article on disabling usb discs in windows. What’s nice about this method is that you can disable JUST the usb storage devices (without affecting mice/keyboards/scanners) and any devices attached when you do this will still be usable (in case there are sanctioned usb storage devices.)

Of course, in most linux systems you can either disable the usb_storage driver or disable the ability of users mounting drives. There was some slashdot discussion about autorun with regards to usb, but from the article it doesn’t sound like they tried to do any “autorun” other than give something people might be interested to click on. (Files that look to be images). I can imagine that Windows default policy of hiding file extensions doesn’t help, although there are ways to do the above without executable files ending in .exe or com or scripts ending in bat or cmd… etc.

So what’s the advice? Test anything “discovered” on a “safe” (read NETWORK DISCONNECTED) system, treat it like you would imagine any dangerous package left outside might be treated, with great suspicion and caution.

Social Engineering is still the #1 security vulnerability.

Related Posts

Blog Traffic Exchange Related Posts
  • How to Remove Windows Smart Security (Removal Guide) Windows Smart Security is a rogue spyware application that may fool people into installing and purchasing due to the use of the words Windows and Security in the title. It may fool people into thinking that it is related to Microsoft Windows and perhaps even a part of the operating......
  • Winamp and Shoutcast vulnerabilities In the last several days there have been a couple vulnerabilities disclosed that I should cover. The first up is related to Winamp. Version 5.12 is vulnerable to a problem with the way it handles .pls (playlist) files. This could allow very bad things with a specially crafted pls file.......
  • Zero-day ( 0-day) Microsoft Word exploit There was some news on this last night at Incidents.org, today F-secure has some details as well on the trojan that's dropped in this circulating, exploit. It seems as though the initial attack was very targetted against a specific organization. Antivirus packages did not recognize the trojan that the exploit......
Blog Traffic Exchange Related Websites
  • An Overview Of What Mozy Has To Offer For business owners (and even homeowners) these days, it is important to make use of tools that provide backup services for their digital files. And such a need is what mozy was specifically developed for. Such a program offers great file backup and file storage solutions for both business as......
  • Ballena Isle Marina  Ballena Isle Marina is located in Alameda, CA Phone: 510.523.5528 View Larger Map Website: http://www.ballenaisle.com/ Available Slips: 515 Current Pricing: 22' - $170 per month. Rates go as high as $902 for 70' vessels. Please visit their website for more complete pricing information. What You Need to Know About Pricing:......
  • Antioch Marina, Antioch, CA Antioch Marina is located in: Antioch, CA Phone: (925) 779-6957 Boat Launch: Yes, this facility does offer a boat launch. Berth Fees: - Open berths: $5.50 per foot per month. - Covered berths: $7.00 per foot per month "Charges are for the length of the berth, or the length of......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site