Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Security with USB Devices

from [Todd Towles] Network Security [Permanent Link]
Subject: RE: Security with USB Devices
Date: Wed, 27 Jul 2005 08:09:15 -0500 
"The buffer-overflow flaw is in device drivers that Windows loads
whenever USB devices are inserted into computers running Windows 32-bit
operating systems, including Windows XP and Windows 2000, said Caleb
Sima, chief technology officer and founder of SPI Dynamics."
 
http://www.eweek.com/article2/0,1895,1840141,00.asp

Eweek article on the issue. The company will be demonstrating the
vulnerability at this week's Black Hat Briefings hacker conference in
Las Vegas, but will not release details of the security hole.

-Todd


-----Original Message-----
From: Michael Parker [mailto:mparker@rim.com] 
Sent: Tuesday, July 26, 2005 5:05 PM
To: newyorkuser@gmail.com; pen-test@securityfocus.com
Subject: Re: Security with USB Devices

There was recently (Monday of this week) a vulnerability 
disclosed with regards to a flaw in the USB driver that 
affected Windows systems (verified) and *nix systems 
(suspected). I don't have a directlink but it was on slashdot. 



Michael Parker, BA (Hon), GSEC, MBCS

Information Security Coordinator
Research In Motion

Phone: 519.888.7465
Cell: 519.573.4782
mparker@rim.com



-----Original Message-----
From: NewYork User <newyorkuser@gmail.com>
To: pen-test@securityfocus.com <pen-test@securityfocus.com>
Sent: Tue Jul 26 10:51:40 2005
Subject: Security with USB Devices

List, 

Does any one know a good program to "autorun" from USB drive 
on a windows 2000 or an XP machine? I have tried the 
traditional Autorun.inf but didn't have any luck. I looked up 
in google but couldn't find any useful stuff. I saw some 
commercial programs to use for backup etc..But its not of any 
use if I want to prove my point that data can be vulnerable 
if use of USB drives is not restricted either by using a 
program or any kind of security control. I created a simple 
batch file to open up a Netcat listener. It is pretty common 
for the users lock their machines and leave their desks. I'm 
looking for any kind of scripts that can run a batch file 
automatically or can copy the data automatically. Any ideas?

Thanks for your help.




---------------------------------------------------------------------
This transmission (including any attachments) may contain 
confidential information, privileged material (including 
material protected by the solicitor-client or other 
applicable privileges), or constitute non-public information. 
Any use of this information by anyone other than the intended 
recipient is prohibited. If you have received this 
transmission in error, please immediately reply to the sender 
and delete this information from your system. Use, 
dissemination, distribution, or reproduction of this 
transmission by unintended recipients is not authorized and 
may be unlawful.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Security with USB Devices, Frederic Charpentier
Next by Date:  RE: IPS comparison, Soszynski, Chris
Previous by Thread:  Re: Security with USB Devices, AdamT
Next by Thread:  RE: Security with USB Devices, Michael Parker
Indexes:  [Date] [Thread] [Top] [All Lists]