Pretty, shiny usb drive is all it takes to compromise security….



Sometimes you just want to cry… This writeup is an example of the “soft underbelly” of every network’s security plan… the users. Basically, you have a group that was hired to do a computer security audit of a credit union. They were told that some of the main concerns were social engineering (easy sharing of passwords among/from employees) and they were concerned about removable usb drives being used to copy data out of the credit union. So, they hatched an idea to try and make use of what they’d learned were the concerns. They prepared 20 usb keys with pictures and some “specially designed software” and scattered them in places where employees would find them… smoking areas, parking lot, etc.


The real kicker is that 15 of the drives were picked up AND plugged into pcs AND they apparently each clicked through the included files INCLUDING the specially crafted trojan, which then started reporting back usernames and passwords as they went to work. I guess in ancient times it was the trojan horse, but today it’s the trojan usb key?

It’s best to be suspicious of “things found”. Many companies have strict NO USB storage policies. If you’re concerned about disabling that, (for windows systems) you might reference this article on disabling usb discs in windows. What’s nice about this method is that you can disable JUST the usb storage devices (without affecting mice/keyboards/scanners) and any devices attached when you do this will still be usable (in case there are sanctioned usb storage devices.)

Of course, in most linux systems you can either disable the usb_storage driver or disable the ability of users mounting drives. There was some slashdot discussion about autorun with regards to usb, but from the article it doesn’t sound like they tried to do any “autorun” other than give something people might be interested to click on. (Files that look to be images). I can imagine that Windows default policy of hiding file extensions doesn’t help, although there are ways to do the above without executable files ending in .exe or com or scripts ending in bat or cmd… etc.

So what’s the advice? Test anything “discovered” on a “safe” (read NETWORK DISCONNECTED) system, treat it like you would imagine any dangerous package left outside might be treated, with great suspicion and caution.

Social Engineering is still the #1 security vulnerability.

Related Posts

Blog Traffic Exchange Related Posts
  • Serious Symantec Antivirus Vulnerability A few things to catch up on this afternoon, but first up is a Serious vulnerability in Symantec Antivirus. (It's always serious when security software has a vulnerability.) The securityfix is reporting that a vulnerability has been discovered in the way Symantec deals with rar archived files. A specially made......
  • Winamp and Shoutcast vulnerabilities In the last several days there have been a couple vulnerabilities disclosed that I should cover. The first up is related to Winamp. Version 5.12 is vulnerable to a problem with the way it handles .pls (playlist) files. This could allow very bad things with a specially crafted pls file.......
  • 5198 Security Vulnerabilities tracked by US-CERT in 2005 The headline probably says most all... 5198 vulnerabilities tracked by US-Cert in 2005. This comes from The SecurityFix. It's probably not every vulernability that was out in 2005, just those that US-CERT issued advisories for. The breakdown is 812 in Windows 2,328 in various Unix/Linux/Mac/BSD systems and 2,058 affecting multiple......
Blog Traffic Exchange Related Websites
  • Unique Flash Drives Flash drives has been one of the most important item of this era. The innovation of flash storage has made optical storage obsolete. Flash storage is faster and easily accessible on any computer. In here I made a list of some interesting flash drives that might be useful to some......
  • Spyware: The New Annoying Threat A friend called me one day, frustrated out of his mind that his computer was acting very strange.  When he opened his Internet Explorer, it sent him to a strange site and pop-up windows kept covering his screen.  He even complained about the performance of his Intel Pentium 4 computer......
  • An Overview Of What Mozy Has To Offer For business owners (and even homeowners) these days, it is important to make use of tools that provide backup services for their digital files. And such a need is what mozy was specifically developed for. Such a program offers great file backup and file storage solutions for both business as......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site