[unisog] Pen testers after my own heart...
dwm at doc.ic.ac.uk
Mon Jun 12 16:25:28 GMT 2006
Paul Asadoorian wrote:
> I am curious as to what their recommendations were for this particular test,
> "Tell employees not to put things in their computer" or "fill the USB ports
> with epoxy". Not so practical....
Turn off Autorun via a domain group policy?
At least part of the problem here is not that the users are deliberately
running untrusted code found on a discarded USB key, but rather that
their shell is doing it for them!
David McBride <dwm at doc.ic.ac.uk>
Department of Computing, Imperial College, London
More information about the unisog