Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Security with USB Devices

from [NewYork User] Network Security [Permanent Link]
Subject: Re: Security with USB Devices
Date: Fri, 29 Jul 2005 09:16:04 -0400 
List, 

Thank you every one for your valuable advice. It was a great help. 



On 7/27/05, Frederic Charpentier <fcharpen@xmcopartners.com> wrote:

Hi list !

The Usb drivers flaws : http://www.eweek.com/article2/0,1759,1840131,00.asp

A commercial USB with autorun feature :
http://www.udrw.com/

Fred.
--
Frederic Charpentier - Xmco Partners
Security Consulting / Pentest
web  : http://www.xmcopartners.com


Michael Parker wrote:

There was recently (Monday of this week) a vulnerability disclosed with 
regards to a flaw in the USB driver that affected Windows systems 
(verified) and *nix systems (suspected). I don't have a directlink but it 
was on slashdot.



Michael Parker, BA (Hon), GSEC, MBCS

Information Security Coordinator
Research In Motion

Phone: 519.888.7465
Cell: 519.573.4782
mparker@rim.com



-----Original Message-----
From: NewYork User <newyorkuser@gmail.com>
To: pen-test@securityfocus.com <pen-test@securityfocus.com>
Sent: Tue Jul 26 10:51:40 2005
Subject: Security with USB Devices

List,

Does any one know a good program to "autorun" from USB drive on a
windows 2000 or an XP machine? I have tried the traditional
Autorun.inf but didn't have any luck. I looked up in google but
couldn't find any useful stuff. I saw some commercial programs to use
for backup etc..But its not of any use if I want to prove my point
that data can be vulnerable if use of USB drives is not restricted
either by using a program or any kind of security control. I created a
simple batch file to open up a Netcat listener. It is pretty common
for the users lock their machines and leave their desks. I'm looking
for any kind of scripts that can run a batch file automatically or can
copy the data automatically. Any ideas?

Thanks for your help.




---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential 
information, privileged material (including material protected by the 
solicitor-client or other applicable privileges), or constitute non-public 
information. Any use of this information by anyone other than the intended 
recipient is prohibited. If you have received this transmission in error, 
please immediately reply to the sender and delete this information from 
your system. Use, dissemination, distribution, or reproduction of this 
transmission by unintended recipients is not authorized and may be unlawful.



--
Frederic Charpentier - Xmco Partners
Security Consulting / Pentest
web  : http://www.xmcopartners.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: ssh mitm at the router, Terry Vernon
Next by Date:  Re: RE: Exploit package analysis, mark . handy
Previous by Thread:  Re: Security with USB Devices, Frederic Charpentier
Next by Thread:  Re: Security with USB Devices, AdamT
Indexes:  [Date] [Thread] [Top] [All Lists]