Re: USB delivered attacks - lessons learned/summary (so far)

From: H Carvey (keydet89_at_yahoo.com)
Date: 06/08/04

  • Next message: Michael Howard: "RE: Global.asa security under IIS 6.0" 
    Date: 8 Jun 2004 20:31:08 -0000
To: pen-test@securityfocus.com
    ('binary' encoding is not supported, stored as-is) In-Reply-To: <016501c44847$e686ac40$6701010a@JASEVO>

    >USB devices don't use autorun -

    More specifically, parsing and execution of the autorun.inf file at the root of the device is not enabled for removeable drive types.

    XP - http://support.microsoft.com/default.aspx?scid=kb;en-us;314855
    2K - http://support.microsoft.com/default.aspx?scid=kb;EN-US;173584

    This KB article describes the Registry key in question:
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;136214

    Hope that helps...

    >Somebody said that 2600 had something about this type of thing in the
    >current 2600 magazine. That would suggest that a few other people have
    >been playing with this idea. Somebody with more brains, ideas or time
    >than I is likely to come up with something pretty nasty.

    I think "playing" is the key term. I don't have a USB hard drive to test with, but using a thumb drive shows that taking advantage of the autorun functionality on such devices is a loosing proposition in situations where the target Registry key has NOT been modified.

  • Next message: Michael Howard: "RE: Global.asa security under IIS 6.0"

    Relevant Pages

    • broken system after srm -r -d /tmp/.* (user login and several services not working)
      ... I've broken my debian/unstable system by executing as root the command ... Login as root works without any issues. ... I reinstalled all installed packages: ... aborted the execution after something between 20 and 40 seconds. ...
      (Debian-User)
    • Re: Ports 0-1023?
      ... The most important rule being that the suexec program ... have all the same requirements because Apache CGI execution is a bit ... I think that authentication (PAM) should be very separate from ... > I'm also trying to enable daemons that don't really need to be root at all, ...
      (Vuln-Dev)
    • Re: BEGIN block question
      ... so I make sure I got what you are saying. ... This execution includes ... any top level code not enclosed in subroutines and all subroutines ... * Parsing of the original 'use'r code (even if there are BEGIN blocks ...
      (perl.beginners)
    • Re: XML Document. Node vs Elements, and more
      ... Jbjones wrote: ... > I am parsing a document, so am using nodelist to get the children of ... > the root, and using logic to parse the Nodes depending on which one it ...
      (comp.lang.java.programmer)
    • Re: Closure vs Rewrite
      ... execution reaches the point when it is first used, ... without changing the semantics of any program. ... additonal parsing does not compensate for the run time that might be gained ... How do you know that it takes additional "parsing" time? ...
      (comp.lang.javascript)