uraken

usb dangers

8 posts in this topic

Hi all i was wondering if anyone could point me in the direction, i have to do a presentation at work about the dangers of usb /sd cards etc. I want to pull out all the stops and give some real good demonstrations. I have loads of cd's (hiren, kron, nst etc)and i have created bootable usb Sd card drives etc, I have even dabbled a little with switch blade but i need to be clear here i am absolutley no security guru or even hacker noob (much lesss than that). What i am after is any advice pointers or downloads in which i can really ram home to fellow colleages the dangers of these devices, i am particuarly interested in anything that leaves backdoor admin users on the machines or takes passwords.

I promise you all faithfully that this is 100% genuine and is not for any other than demonstration purposes.

As always thanks in advance

uraken.

0

Share this post


Link to post
Share on other sites

These guys deployed infected USB drives in a real-world environment as a security analysis project for a credit union:

http://www.darkreading.com/security/perimeter/showArticle.jhtml?articleID=208803634

They have actual stats for how many drives were plugged in, how many inside the corporate intranet, et c. They really do pose a huge danger to companies -- I've heard of one case in which some company actually went so far as to fill the unused USB ports on workstations with glue to prevent the possibility of an employee plugging in a flash drive.

0

Share this post


Link to post
Share on other sites

These guys deployed infected USB drives in a real-world environment as a security analysis project for a credit union:

http://www.darkreading.com/security/perimeter/showArticle.jhtml?articleID=208803634

They have actual stats for how many drives were plugged in, how many inside the corporate intranet, et c. They really do pose a huge danger to companies --

Thanks for the quick reply systems_glitch i will take a read, i use sotware restriction policys to block any exe's etc from being run from my users usb pen drives but we hauled all 80 road warriors laptops in recently for routine maint and they were all riddled (despite decent AV) i want to make a case for blocking them entirely and so have been asked to present pro's and cons 9and to demonstrate how bad they can be).

0

Share this post


Link to post
Share on other sites

in a school environment every single stick would be pluged in, by a student if not by a teacher to find out whos it is to return it. just go ahead put a text file in the main directory that says "If found please return to ________ in room _______" just put in the network admin he'll get it, plug it in ..BOOM whole network is compromised because he is admin!

0

Share this post


Link to post
Share on other sites

in a school environment every single stick would be pluged in, by a student if not by a teacher to find out whos it is to return it. just go ahead put a text file in the main directory that says "If found please return to ________ in room _______" just put in the network admin he'll get it, plug it in ..BOOM whole network is compromised because he is admin!

Yes, that's exactly how the Stuxnet worm was used to target specific industrial sites by leaving them in washrooms for people with clearance to enter the main building to pick up. Very nasty indeed, especially because it had like 4 x 0-day exploits in it and was written specifically to disrupt control software (like power stations, etc).

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now