From the article [
http://www.darkreading.com/document.asp?doc_id=95556&WT.svl=column1_1
]
"then unknowingly running our piece of software."
A majority of machines we find are still configured to not show
extensions of known file types yet I can easily make an executable
file with the icon from Microsoft Word. If I name my program
"creditcards.doc"[hidden].exe that a) installs the trojan and b) runs
word opening a hidden file called [whatever.doc] the end user see's
nothing special but a document appearing (provided word is installed
or whatever you want to run).
Not automatically running applications on USB drives versus having
smarter end users to not pick a USB drive up off the parking lot are
two different things.
Having policies defining what the user can and cannot do takes away
their ability to mess things up.
On 6/15/06, Harlan Carvey <keydet89 (at) yahoo (dot) com [email concealed]> wrote:
>
> > Given the recent social engineering test with USB
> > devices left around
> > a credit-unions lobby I would disagree.
>
> That "test" is suspect, as it doesn't provide nearly
> enough information. By default, Windows does not
> parse the "load=" or "run=" lines of an autorun.inf
> file from removeable media. So, the question is, what
> about the "test" got the users to run the Trojan on
> the USB devices?
http://www.darkreading.com/document.asp?doc_id=95556&WT.svl=column1_1
]
"then unknowingly running our piece of software."
A majority of machines we find are still configured to not show
extensions of known file types yet I can easily make an executable
file with the icon from Microsoft Word. If I name my program
"creditcards.doc"[hidden].exe that a) installs the trojan and b) runs
word opening a hidden file called [whatever.doc] the end user see's
nothing special but a document appearing (provided word is installed
or whatever you want to run).
Not automatically running applications on USB drives versus having
smarter end users to not pick a USB drive up off the parking lot are
two different things.
Having policies defining what the user can and cannot do takes away
their ability to mess things up.
On 6/15/06, Harlan Carvey <keydet89 (at) yahoo (dot) com [email concealed]> wrote:
>
> > Given the recent social engineering test with USB
> > devices left around
> > a credit-unions lobby I would disagree.
>
> That "test" is suspect, as it doesn't provide nearly
> enough information. By default, Windows does not
> parse the "load=" or "run=" lines of an autorun.inf
> file from removeable media. So, the question is, what
> about the "test" got the users to run the Trojan on
> the USB devices?
--
Greg Merideth
Forward Technology, LLC.
CTO & Other Wild Stuff
gmerideth (at) forwardtechnology (dot) net [email concealed]
PGP Fingerprint
D0FCCD39743A6ABF87470A87EDE382594968A60A
"10b|~10b" - Shakespeare
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]