[unisog] Pen testers after my own heart...

David McBride dwm at doc.ic.ac.uk
Mon Jun 12 16:25:28 GMT 2006

Paul Asadoorian wrote:

> I am curious as to what their recommendations were for this particular test,
> "Tell employees not to put things in their computer" or  "fill the USB ports
> with epoxy". Not so practical....

Turn off Autorun via a domain group policy?

At least part of the problem here is not that the users are deliberately 
running untrusted code found on a discarded USB key, but rather that 
their shell is doing it for them!

David McBride <dwm at doc.ic.ac.uk>
Department of Computing, Imperial College, London

More information about the unisog mailing list