[unisog] Pen testers after my own heart...

Saqib Ali docbook.xml at gmail.com
Tue Jun 13 16:54:26 GMT 2006


This topic on digg.com:
http://www.digg.com/security/Social_Engineering_using_USB_drives

On 6/13/06, Cosmin Stejerean <cstejerean at gmail.com> wrote:
> I would propose to block execution of all executables from removable
> devices for all users. Users should not need to install software from
> CDs and in the rare event that they need to bring executables to work
> they can copy it to the PC first and run it from there.
>
> Not sure how easy this is to do in Windows (if there are some built-in
> settings or software available) but something to do this can be easily
> written with some system hooks. I think that would mitigate the
> problem altogether without blocking users from using USB storage
> devices. I feel that in a university environment USB storage devices
> come in very handy.
>
> Regards,
>
> Cosmin Stejerean
>
> On 6/13/06, Dave Ellingsberg <dave.ellingsberg at csu.mnscu.edu> wrote:
> > usb 1-1: new full speed USB device using uhci_hcd and address 6
> > usb 1-1: configuration #1 chosen from 1 choice
> > scsi7 : SCSI emulation for USB Mass Storage devices
> > usb-storage: device found at 6
> > usb-storage: waiting for device to settle before scanning
> >   Vendor: SanDisk   Model: U3 Cruzer Micro   Rev: 2.15
> >   Type:   Direct-Access                      ANSI SCSI revision: 02
> > SCSI device sdb: 990865 512-byte hdwr sectors (507 MB)
> > sdb: Write Protect is off
> > sdb: Mode Sense: 03 00 00 00
> > sdb: assuming drive cache: write through
> > SCSI device sdb: 990865 512-byte hdwr sectors (507 MB)
> > sdb: Write Protect is off
> > sdb: Mode Sense: 03 00 00 00
> > sdb: assuming drive cache: write through
> >  sdb: sdb1
> > sd 7:0:0:0: Attached scsi removable disk sdb
> > sd 7:0:0:0: Attached scsi generic sg1 type 0
> >   Vendor: SanDisk   Model: U3 Cruzer Micro   Rev: 2.15
> >   Type:   CD-ROM                             ANSI SCSI revision: 02
> > sr0: scsi3-mmc drive: 8x/40x writer xa/form2 cdda tray
> > sr 7:0:0:1: Attached scsi CD-ROM sr0
> > sr 7:0:0:1: Attached scsi generic sg2 type 5
> > usb-storage: device scan complete
> >
> > see http://cse.msstate.edu/~rwm8/hackingU3/  for more info.
> >
> > as you see, this reports to be two devices: a usb and a cdrom.
> >
> > foot.
> >
> >
> > >>>chris at eng.gla.ac.uk 06/13 6:19 am >>>
> > On Mon, 12 Jun 2006, Jordan Wiens wrote:
> >
> > | http://www.microsoft.com/whdc/device/storage/usbfaq.mspx
> > | -----
> > | Q: What must I do to trigger Autorun on my USB storage device?
> > | The Autorun capabilities are restricted to CD-ROM drives and fixed disk
> >
> > ...which suggests a variation on the attack - simply burn a load of
> > autorun CDs and leave them around!
> >
> > (cheaper than memory sticks too)
> >
> > As for globally disabling USB, I think we'd have a riot on our hands.
> > In our University environment, education is the way to go.
> >
> > unisog mailing list
> > unisog at lists.sans.org
> > http://www.dshield.org/mailman/listinfo/unisog
> >
>


-- 
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15
-----------
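
The kernel log quoted in this thread shows one USB stick attaching both a removable disk and a CD-ROM on the same SCSI host. The following is an added example, not part of the original messages, that flags such devices in a kernel log; it assumes the 2.6-era line formats seen in that log, and the last three sample lines are constructed for contrast.

```python
import re
from collections import defaultdict

# Line formats follow the kernel log quoted in this thread (assumption: 2.6-era wording).
USB_HOST = re.compile(r"scsi(\d+) : SCSI emulation for USB Mass Storage devices")
ATTACH = re.compile(r"\b(?:sd|sr) (\d+):\d+:\d+:\d+: Attached scsi (removable disk|CD-ROM) (\w+)")

# First five lines are taken from the quoted log; the last three are constructed:
# a plain flash drive on USB host 8 and an internal optical drive on non-USB host 1.
SAMPLE_LOG = """\
scsi7 : SCSI emulation for USB Mass Storage devices
sd 7:0:0:0: Attached scsi removable disk sdb
sd 7:0:0:0: Attached scsi generic sg1 type 0
sr 7:0:0:1: Attached scsi CD-ROM sr0
sr 7:0:0:1: Attached scsi generic sg2 type 5
scsi8 : SCSI emulation for USB Mass Storage devices
sd 8:0:0:0: Attached scsi removable disk sdc
sr 1:0:0:0: Attached scsi CD-ROM sr1
"""

def find_composite_usb_storage(log_text):
    """Return {scsi_host: {"disk": [...], "cdrom": [...]}} for USB mass-storage
    hosts that expose both a removable disk and a CD-ROM logical unit."""
    usb_hosts = set()
    luns = defaultdict(lambda: {"disk": [], "cdrom": []})
    for line in log_text.splitlines():
        line = line.lstrip("> ")  # tolerate mail-quoted log lines
        m = USB_HOST.search(line)
        if m:
            host = int(m.group(1))
            usb_hosts.add(host)
            luns.pop(host, None)  # host number reused: forget the earlier device
            continue
        m = ATTACH.search(line)
        if m:
            kind = "disk" if m.group(2) == "removable disk" else "cdrom"
            luns[int(m.group(1))][kind].append(m.group(3))
    return {h: d for h, d in luns.items()
            if h in usb_hosts and d["disk"] and d["cdrom"]}

if __name__ == "__main__":
    for host, devs in find_composite_usb_storage(SAMPLE_LOG).items():
        print(f"scsi{host}: USB device exposes disk {devs['disk']} and CD-ROM {devs['cdrom']}")
```
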