Pretty, shiny usb drive is all it takes to compromise security….



Sometimes you just want to cry… This writeup is an example of the “soft underbelly” of every network’s security plan… the users. Basically, you have a group that was hired to do a computer security audit of a credit union. They were told that some of the main concerns were social engineering (easy sharing of passwords among/from employees) and they were concerned about removable usb drives being used to copy data out of the credit union. So, they hatched an idea to try and make use of what they’d learned were the concerns. They prepared 20 usb keys with pictures and some “specially designed software” and scattered them in places where employees would find them… smoking areas, parking lot, etc.


The real kicker is that 15 of the drives were picked up AND plugged into pcs AND they apparently each clicked through the included files INCLUDING the specially crafted trojan, which then started reporting back usernames and passwords as they went to work. I guess in ancient times it was the trojan horse, but today it’s the trojan usb key?

It’s best to be suspicious of “things found”. Many companies have strict NO USB storage policies. If you’re concerned about disabling that, (for windows systems) you might reference this article on disabling usb discs in windows. What’s nice about this method is that you can disable JUST the usb storage devices (without affecting mice/keyboards/scanners) and any devices attached when you do this will still be usable (in case there are sanctioned usb storage devices.)

Of course, in most linux systems you can either disable the usb_storage driver or disable the ability of users mounting drives. There was some slashdot discussion about autorun with regards to usb, but from the article it doesn’t sound like they tried to do any “autorun” other than give something people might be interested to click on. (Files that look to be images). I can imagine that Windows default policy of hiding file extensions doesn’t help, although there are ways to do the above without executable files ending in .exe or com or scripts ending in bat or cmd… etc.

So what’s the advice? Test anything “discovered” on a “safe” (read NETWORK DISCONNECTED) system, treat it like you would imagine any dangerous package left outside might be treated, with great suspicion and caution.

Social Engineering is still the #1 security vulnerability.

Related Posts

Blog Traffic Exchange Related Posts
  • Windows more secure than Linux? For the last week, I've seen various headlines referring to a report from US-CERT that indicated 2005 had 5,198 security flaws reported. Out of those 2,328 were reported for Linux/Unix, 812 for Windows and 2,058 affecting more than one operating system. Now, I'm seeing all sorts of headlines about how......
  • Zero-day ( 0-day) Microsoft Word exploit There was some news on this last night at Incidents.org, today F-secure has some details as well on the trojan that's dropped in this circulating, exploit. It seems as though the initial attack was very targetted against a specific organization. Antivirus packages did not recognize the trojan that the exploit......
  • Ooops... hard drive maker ships trojan on storage media Oooops... According to the Sunbelt blog a Japanese storage maker (I-O Data Device) has offered to exchange drives that were discovered to have been shipped out with the Tompai-A, a worm which would give a cracker backdoor access to a machine. It affects portable hard drive's in the companies HDP-U......
Blog Traffic Exchange Related Websites
  • Use These Effective Traffic Generation Sources. Hi, I’d like to give you some really worthy tips driving traffic to your website. As for me I consider them to be really helpful. So let’s get down to business without delay. From my point of view the main source of traffic is certainly your high quality content systematically......
  • Priceless Benefits of iPhones and Cloud Storage This is a guest post! If you want to write for us, check out the Guest Post section. A decade ago, no one would imagine that a cell phone would store music and multimedia applications. Now, nearly everyone is flocking to purchase iPhones and iPads to not only utilize their main functions,......
  • An Overview Of What Mozy Has To Offer For business owners (and even homeowners) these days, it is important to make use of tools that provide backup services for their digital files. And such a need is what mozy was specifically developed for. Such a program offers great file backup and file storage solutions for both business as......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site