7/4/06

USB Attacks

This is an interesting, if obvious, attack. It harkens back to the historical—something we neglect more and more in network security. (And I have mentioned this too many times for me to repeat it here. Search for "history" in the search window of my blog site.) History will remind us that the viruses were originally spread on floppy disks. The obvious successor, with some twists, is the USB Flash Drive or "thumb drive". The twists include:
  • Many computers are configured to Autorun removable devices when inserted into the computer
  • USB thumb drives are still attractive enough that most people will pick them up, carry them off, and insert them into a computer the first chance they get.


Someone might do the second to see who owns the disk to return it, out of curiosity as to what is on it, or as a precursor to reformatting the drive.

Read more at: What would you do with a thumb drive you found on the street? What would your CEO do? And what does your security policy say about this? -----

No comments: