Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Security with USB Devices

from [Calum Power] Network Security [Permanent Link]
Subject: Re: Security with USB Devices
Date: Wed, 27 Jul 2005 09:48:28 +1000 
As Michael said below, there is a vulnerability in the USB driver that
runs on Windows systems. The "original source" (if there is such a thing
in today's internet journalism) is eweek:
http://www.eweek.com/article2/0,1895,1840141,00.asp

As for AutoRun.ini's, they don't work from any physically removable
source. Windows will only search for autoruns if it detects the device
as a CD-ROM drive. You could possibly exploit this buy using a usb-based
removable USB drive, but I wouldn't hold my breath.

Good Luck!

Calum
--
Calum Power
Systems Administrator
Server101.com
calum@server101.com


Michael Parker wrote:


There was recently (Monday of this week) a vulnerability disclosed with 
regards to a flaw in the USB driver that affected Windows systems (verified) 
and *nix systems (suspected). I don't have a directlink but it was on 
slashdot. 



Michael Parker, BA (Hon), GSEC, MBCS

Information Security Coordinator
Research In Motion

Phone: 519.888.7465
Cell: 519.573.4782
mparker@rim.com



-----Original Message-----
From: NewYork User <newyorkuser@gmail.com>
To: pen-test@securityfocus.com <pen-test@securityfocus.com>
Sent: Tue Jul 26 10:51:40 2005
Subject: Security with USB Devices

List, 

Does any one know a good program to "autorun" from USB drive on a
windows 2000 or an XP machine? I have tried the traditional
Autorun.inf but didn't have any luck. I looked up in google but
couldn't find any useful stuff. I saw some commercial programs to use
for backup etc..But its not of any use if I want to prove my point
that data can be vulnerable if use of USB drives is not restricted
either by using a program or any kind of security control. I created a
simple batch file to open up a Netcat listener. It is pretty common
for the users lock their machines and leave their desks. I'm looking
for any kind of scripts that can run a batch file automatically or can
copy the data automatically. Any ideas?

Thanks for your help.




---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential 
information, privileged material (including material protected by the 
solicitor-client or other applicable privileges), or constitute non-public 
information. Any use of this information by anyone other than the intended 
recipient is prohibited. If you have received this transmission in error, 
please immediately reply to the sender and delete this information from your 
system. Use, dissemination, distribution, or reproduction of this transmission 
by unintended recipients is not authorized and may be unlawful.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Identification of non Cisco AP's, Jonathan Gauntt
Next by Date:  Re: VoIP testing Help, Mark Sec
Previous by Thread:  Re: Security with USB Devices, Michael Parker
Next by Thread:  Re: Security with USB Devices, Frederic Charpentier
Indexes:  [Date] [Thread] [Top] [All Lists]