RE: Controlling specific USB devices on Windows XP
- From: <mcclenbw@xxxxxxxxxxx>
- Date: Fri, 16 Jun 2006 14:44:03 -0400
Unless the USB device emulates a cd-rom:
http://www.udrw.com/en/tech/index.php
Another poster sent me this. It's someone try to perform the "hack"
himself. See the second entry:
http://hackaday.com/
I may not be well versed in this topic, but my logical assumption that
if there was a way for windows to tell the the difference between a USB
cd-rom and a USB removable storage device, there had to be a way to fool
windows in to thinking a USB removable storage device was a cd-rom. So
wondering if it had been found yet, lead me to try a simple google
search that find the first url.
-----Original Message-----
From: Harlan Carvey [mailto:keydet89@xxxxxxxxx]
Sent: Friday, June 16, 2006 10:15 AM
To: McClenon, Braden (mcclenbw@xxxxxxxxxxx); Greg Merideth;
George Njoku
Cc: Focus Microsoft
Subject: RE: Controlling specific USB devices on Windows XP
Thanks for the info, but most folks are already aware that be
default, the AutoRun function is enabled for CDs, but
disabled for removeable storage. A simply query on TechNet
supports this:
http://msdn.microsoft.com/library/default.asp?url=/library/en-
us/shellcc/platform/Shell/programmersguide/shell_basics/shell_
basics_extending/autorun/autoplay_reg.asp
Harlan
--- mcclenbw@xxxxxxxxxxx wrote:
Well, I don't have a USB storage dive handy at the moment, but Iwithout user
grabbed the closest CD I knew had an autorun.inf, the second I open
the drive in Explorer, the open=setup.exe line excutes and I have
setup.exe executing. Does seem to hard to get it to run
knowledge.--------------------------------------------------------------
-----Original Message-----Windows XP
From: Harlan Carvey [mailto:keydet89@xxxxxxxxx]
Sent: Thursday, June 15, 2006 4:17 PM
To: Greg Merideth; George Njoku
Cc: Focus Microsoft
Subject: Re: Controlling specific USB devices on
USB devices
Given the recent social engineering test with
left aroundnearly enough
a credit-unions lobby I would disagree.
That "test" is suspect, as it doesn't provide
information. By default, Windows does not parsethe "load="
or "run=" lines of an autorun.inf file fromremoveable media.
So, the question is, what about the "test" gotthe users to
run the Trojan on the USB devices?
------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com
------------------------------------------
---------------------------------------------------------------------------
-------------
------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com
------------------------------------------
--------------------------------------------------------------
-------------
--------------------------------------------------------------
-------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Prev by Date: RE: Controlling specific USB devices on Windows XP
- Next by Date: RE: Controlling specific USB devices on Windows XP
- Previous by thread: RE: Controlling specific USB devices on Windows XP
- Next by thread: Re: Re: Controlling specific USB devices on Windows XP
- Index(es):
Relevant Pages
|
