Re: [Full-Disclosure] USB Auto run function

From: Ron DuFresne (dufresne_at_winternet.com)
Date: 06/18/04

  • Next message: joe: "RE: [Full-Disclosure] MS Anti Virus?"
    To: Oscar Fajardo Sanchez <oscar.fajardo@atosorigin.com>
    Date: Fri, 18 Jun 2004 11:49:20 -0500 (CDT)
    
    

    And boild down to pretty much this;;

    This is old news though, security 101 kind of stuff. Just because a new
    toy comes out does not imply it should not play by the rules of the other
    toys in the chest. If this is found in an audit then the company that
    hired you has real policy issues for you to outline to them and they will
    then need to address.

    Thanks,

    Ron DuFresne

    On Fri, 18 Jun 2004, Oscar Fajardo Sanchez wrote:

    >
    > This issue has been discused in pentest list. Take a look at:
    >
    > http://archives.neohapsis.com/archives/sf/pentest/2004-05/0136.html
    >
    > Regards.
    >
    > ----- Original Message -----
    > From: "Aditya, ALD [ Aditya Lalit Deshmukh ]"
    > <aditya.deshmukh@online.gateway.technolabs.net>
    > Date: Friday, June 18, 2004 10:36 am
    > Subject: Re: [Full-Disclosure] USB Auto run function
    >
    > > > I have been interested in a potential exploit that may or may
    > > not be an
    > > > issue, I read lately that a potential malicious file could enter
    > > a system
    > > > via a USB Memory stick with a structured autorun.pif , and this
    > > file would
    > > > operate even if the screen lock is activated .
    > >
    > > this is true only for cdroms where the autorun has been enabled,
    > > winxp does scan for the removable drives but does not run the
    > > program based on the autorun but the type of files on the
    > > reemovable drive
    > >
    > > -aditya
    > >
    > > bv" axZxڔGb*'[kjj)mr
    > >
    > > _______________________________________________
    > > Full-Disclosure - We believe in it.
    > > Charter: http://lists.netsys.com/full-disclosure-charter.html
    > >
    >
    > -----------------------------------------------------------------
    > This e-mail and the documents attached are confidential and intended solely
    > for the addressee; it may also be privileged. If you receive this e-mail
    > in error, please notify the sender immediately and destroy it.
    > As its integrity cannot be secured on the Internet, the Atos Origin group
    > liability cannot be triggered for the message content. Although the
    > sender endeavours to maintain a computer virus-free network, the sender does
    > not warrant that this transmission is virus-free and will not be liable for
    > any damages resulting from any virus transmitted.
    >
    > "Este mensaje y los ficheros adjuntos pueden contener informacin
    > confidencial destinada solamente a la(s) persona(s) mencionadas
    > anteriormente. Pueden estar protegidos por secreto profesional Si usted
    > recibe este correo electrnico por error, gracias de informar inmediatamente
    > al remitente y destruir el mensaje.
    > Al no estar asegurada la integridad de este mensaje sobre la red, Atos
    > Origin no se hace responsable por su contenido. Su contenido no constituye
    > ningn compromiso para el grupo Atos Origin, salvo ratificacin escrita por
    > ambas partes.
    > "Aunque se esfuerza al mximo por mantener su red libre de virus, el emisor
    > no puede garantizar nada al respecto y no ser responsable de cualesquiera
    > daos que puedan resultar de una transmisin de virus"
    > ------------------------------------------------------------------
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
    >

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    "Cutting the space budget really restores my faith in humanity. It
    eliminates dreams, goals, and ideals and lets us get straight to the
    business of hate, debauchery, and self-annihilation." -- Johnny Hart
            ***testing, only testing, and damn good at it too!***

    OK, so you're a Ph.D. Just don't touch anything.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: joe: "RE: [Full-Disclosure] MS Anti Virus?"

    Relevant Pages

    • Re: Problem installing FC4
      ... Wilson Woon wrote: ... Pueden estar protegidos por secreto profesional Si usted ... Al no estar asegurada la integridad de este mensaje sobre la red, ... Origin no se hace responsable por su contenido. ...
      (Fedora)
    • Re: Problem installing FC4
      ... >>FC4 and tried to install it. ... Pueden estar protegidos por secreto profesional Si usted ... >Al no estar asegurada la integridad de este mensaje sobre la red, ... >Origin no se hace responsable por su contenido. ...
      (Fedora)
    • Re: overlapping UID crisis
      ... Pueden estar protegidos por secreto profesional Si usted ... Al no estar asegurada la integridad de este mensaje sobre la red, ... Origin no se hace responsable por su contenido. ... Aunque se esfuerza al maximo por mantener su red libre de virus, ...
      (freebsd-questions)
    • Re: [Full-Disclosure] USB Auto run function
      ... Pueden estar protegidos por secreto profesional Si usted ... Al no estar asegurada la integridad de este mensaje sobre la red, ... Origin no se hace responsable por su contenido. ... Full-Disclosure - We believe in it. ...
      (Full-Disclosure)
    • Re: missing rpms
      ... Pueden estar protegidos por secreto profesional Si usted ... Al no estar asegurada la integridad de este mensaje sobre la red, ... Origin no se hace responsable por su contenido. ... Aunque se esfuerza al maximo por mantener su red libre de virus, ...
      (Fedora)