RE: Controlling specific USB devices on Windows XP



Unless the USB device emulates a cd-rom:

http://www.udrw.com/en/tech/index.php

Another poster sent me this. It's someone try to perform the "hack"
himself. See the second entry:

http://hackaday.com/


I may not be well versed in this topic, but my logical assumption that
if there was a way for windows to tell the the difference between a USB
cd-rom and a USB removable storage device, there had to be a way to fool
windows in to thinking a USB removable storage device was a cd-rom. So
wondering if it had been found yet, lead me to try a simple google
search that find the first url.



-----Original Message-----
From: Harlan Carvey [mailto:keydet89@xxxxxxxxx]
Sent: Friday, June 16, 2006 10:15 AM
To: McClenon, Braden (mcclenbw@xxxxxxxxxxx); Greg Merideth;
George Njoku
Cc: Focus Microsoft
Subject: RE: Controlling specific USB devices on Windows XP

Thanks for the info, but most folks are already aware that be
default, the AutoRun function is enabled for CDs, but
disabled for removeable storage. A simply query on TechNet
supports this:
http://msdn.microsoft.com/library/default.asp?url=/library/en-
us/shellcc/platform/Shell/programmersguide/shell_basics/shell_
basics_extending/autorun/autoplay_reg.asp

Harlan

--- mcclenbw@xxxxxxxxxxx wrote:

Well, I don't have a USB storage dive handy at the moment, but I
grabbed the closest CD I knew had an autorun.inf, the second I open
the drive in Explorer, the open=setup.exe line excutes and I have
setup.exe executing. Does seem to hard to get it to run
without user
knowledge.

-----Original Message-----
From: Harlan Carvey [mailto:keydet89@xxxxxxxxx]
Sent: Thursday, June 15, 2006 4:17 PM
To: Greg Merideth; George Njoku
Cc: Focus Microsoft
Subject: Re: Controlling specific USB devices on
Windows XP


Given the recent social engineering test with
USB devices
left around
a credit-unions lobby I would disagree.

That "test" is suspect, as it doesn't provide
nearly enough
information. By default, Windows does not parse
the "load="
or "run=" lines of an autorun.inf file from
removeable media.
So, the question is, what about the "test" got
the users to
run the Trojan on the USB devices?



------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com
------------------------------------------



--------------------------------------------------------------
-------------


--------------------------------------------------------------
-------------





------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com
------------------------------------------

--------------------------------------------------------------
-------------
--------------------------------------------------------------
-------------



---------------------------------------------------------------------------
---------------------------------------------------------------------------



Relevant Pages

  • Re: Device lock ?
    ... On Feb 24, 10:45 pm, Abdelkrim Dekhili ... would like to lock the Floppy Disk Drive, the CD-ROM and USB devices so that ...
    (microsoft.public.windowsxp.hardware)
  • Re: USB devices slow boot time of Windows XP Professional
    ... I found that the pc would take excessive time between the text boot ... of windows xp and the gui during the inialization of the usb devices only ... Then when in windows the mouse wouldnt ... the standard hid compliant drivers. ...
    (microsoft.public.windowsxp.hardware)
  • Re: Serious Question - Mainstream Use - No Troll
    ... USB devices such as memory sticks, external drives, MP3 ... etc. just don't work automatically like in Windows XP. ... >> they get it to work with SuSE (or ANY Linux System). ... In any case, I'll bite too. ...
    (alt.os.linux.suse)
  • RE: Security with USB Devices
    ... "The buffer-overflow flaw is in device drivers that Windows loads ... operating systems, including Windows XP and Windows 2000, said Caleb ... but will not release details of the security hole. ... > Subject: Security with USB Devices ...
    (Pen-Test)
  • Re: unmountable boot volume blue screen error
    ... this, there are no usb devices connected, i tried running the acer D2D ... going to the windows screen telling you windows did not start successfully, ... Try booting with all hardware peripherals, except keyboard, mouse. ... safemode-safe mode with networking- safe mode with command promt- ...
    (microsoft.public.windowsxp.general)