Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 21

Thread: This is simply brilliant

  1. #11
    Frustrated Mad Scientist
    Join Date
    Dec 2004
    Posts
    1,152
    Hmmm. Is there a way to block 'Autorun' only, still allowing drives to work?

  2. #12
    Kwiep
    Join Date
    Aug 2001
    Posts
    924
    And that while I know a company who fired people who let collegues do a quick thing while they were still logged in under their own name.

    This guy on http://www.darkreading.com/boards/me...?msg_id=134597 put it nicely:
    You two have hit upon the very essence of the portable storage security problem-- the devices are meant to improve employee productivity, allowing employees to take work home with them. The guy who spilled all the data at Veterans Affairs was trying to be a good guy--he took his work home to do some extra, and then got his laptop stolen. The security people say shoot him, he exposed secure data. But if his laptop hadn't been stolen, he probably would have been praised for his extra effort. The technology is there to help the employees, and it seems that firing them, or denying them access to the technology, is contrary to its purpose. Yet, we can't just let these folks walk around with sensitive data, or allow them to introduce malware through curiousity about a found thumb drive. So what's the answer??
    Double Dutch

  3. #13
    Junior Member
    Join Date
    Jun 2006
    Posts
    2
    ha ha!!! that is brilliant!

    i would fall for that 1 , if i found a usb flash drive on the floor you can be sure I would use it
    http://img151.imageshack.us/img151/6...sturbed0hi.png
    Hardware: The part of the computer you can kick
    desturbed.org

  4. #14
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Originally posted here by Aspman
    Hmmm. Is there a way to block 'Autorun' only, still allowing drives to work?
    Yep.

    There is a reg key change for that too. Throw a lil search in Google. I can't remember off hand what the value is.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  5. #15
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    In the article it stated they even knew an attack was comming but yet when these ''mysterious' USB drives appear in the front of the credit union about 20 of them they just stick them in and run it from there.

    Just goes to show you, curiosity killed the cat.

  6. #16
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    I believe the answer would be a VPN. Why would someone need 26 million records at home? That's just stupid.
    Antionline in a nutshell
    \"You\'re putting the fate of the world in the hands of a bunch of idiots I wouldn\'t trust with a potato gun\"

    Trust your Technolust

  7. #17
    In And Above Man Black Cluster's Avatar
    Join Date
    Feb 2005
    Posts
    912
    http://support.microsoft.com/default...b;en-us;823732 ----> how to disable the usage of USB storage devices ....

    What we really miss these days is security awarness ... Not all people appreciate the importance of security .... I worked for an ISP lately .... their customer services and marketing teams were totally clusless when it comes to security .... and to add insult to injury, they all had administrative privileges .... I don't blame them, the IT team holds absolute responsibility .... the IT team did not apply the least of security basics to protect the network that is {nominally} the vein of cretical information flowing back and forth... they just let it vulnerable to leakage and violation ..... this is really disgusting ..... I really wish someone to hurt them a little bit ... just to make a wake up call for those whiners
    \"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts\".....Spaf
    Everytime I learn a new thing, I discover how ignorant I am.- ... Black Cluster

  8. #18
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    To quote the darkreading post:

    You two have hit upon the very essence of the portable storage security problem-- the devices are meant to improve employee productivity, allowing employees to take work home with them. The guy who spilled all the data at Veterans Affairs was trying to be a good guy--he took his work home to do some extra, and then got his laptop stolen. The security people say shoot him, he exposed secure data. But if his laptop hadn't been stolen, he probably would have been praised for his extra effort. The technology is there to help the employees, and it seems that firing them, or denying them access to the technology, is contrary to its purpose. Yet, we can't just let these folks walk around with sensitive data, or allow them to introduce malware through curiousity about a found thumb drive. So what's the answer??
    I'd have to disagree with the first bold line. It has nothing to do with him trying to be a "good" guy IMHO simply because usb thumb drives make data transportation so easy (upwards of 8gb drives or probably higher by now). When he signed his employment papers, there's undoubtedly a few lines or more about sensitive data, etc. It all starts with "well, it's only a few" followed by a few more times doing it, he sees everyone else doing it....maybe his boss even did it. Nobody's the wiser until something bad like this happens and he's the scapegoat that'll be crucified, drawn and quartered, tarred and feathered, etc... It doesn't matter if the president was doing the same thing, it'll always be the lowest man on the totem pole who gets axed.

    Prime example: everyone here knew about the Marriott incident where millions of customer information records with SSN, addresses, credit card numbers, etc on a tape got stolen, right?
    I personally knew the guy who's job it was to manage the backups (I worked at Marriott Vacation Club International for 3 years). His office had tapes everywhere, stacked up, drawers full...simply because tape management is almost impossible to do after a few weeks of inheriting. They have Iron Mountain, just like a lot of major businesses do. His office is locked every day, just like everyone else's. He comes in on a Monday and finds a few tapes missing. What does he do? The honest thing. He reports it immediately and that's when the sh*t hit the fan. He got ostracized from the higher-ups because of his "sloppiness", etc. Got suspended without pay until they were to decide his fate (which took a month before he got fired). How can one really blame him for something he didn't start, that everyone prior to him did, etc. I've got several administrator friends over there and they say "Yeah, before this happened, MI would call us and say 'Hey, did you guys get those tapes we mailed'...'No, haven't gotten them at all'...'Ok, we'll just send another batch'". They issued a mandate to have anyone with tapes in their possession to send them in so they can be identified and put away safely. They're STILL having tapes sent in by people that have ZERO rights to have them. VPs, receptionists, etc...saying things like "YEAH I FOUND THIS IN MY BOTTOM UNLOCKED DRAWER".

    I know I went on a diatribe there, but it pisses me the F off to see a case like that where there's so many guilty parties, yet one guy gets the axe because everyone got lax. The second bold part is not true either. I guarantee a lot more people than him were working from home using laptops from work with sensitive data on it and you can bet the bank THAT stopped after he got nailed.

    It always starts out small, like petty theft. Nothing bad happens, so it progresses more and more until eventually, something goes haywire and it's all over CNN.

    In the end, it's a lose-lose situation, really. The guy was trying to do work from home or wherever. No faulting him for that. What he really did wrong was have sensitive data on his laptop which wasn't in his actual office. Data integrity is immediately compromised the minute you have any alternate transfer/storage method available and trusting anyone to always do the right thing is open to interpretation.
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  9. #19
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    Originally posted here by Black Cluster
    http://support.microsoft.com/default...b;en-us;823732 ----> how to disable the usage of USB storage devices ....

    What we really miss these days is security awarness ... Not all people appreciate the importance of security .... I worked for an ISP lately .... their customer services and marketing teams were totally clusless when it comes to security .... and to add insult to injury, they all had administrative privileges .... I don't blame them, the IT team holds absolute responsibility .... the IT team did not apply the least of security basics to protect the network that is {nominally} the vein of cretical information flowing back and forth... they just let it vulnerable to leakage and violation ..... this is really disgusting ..... I really wish someone to hurt them a little bit ... just to make a wake up call for those whiners
    Working in an enterprise environment, it's almost impossible to employ security methods that aren't in some manner invalidated because of the white-list of allowed people. Prime example, we have a lot of people that watch streaming video and listen to streaming audio at work. Nothing's really wrong with the audio, it's the video that trenches the 10mb internet pipe. So, it's in the works to have policy written that's completely banning it and employing Websense policies. But, there's going to be a white-list of senior vps and the president to let them do what they want. Nothing is completely across-the-board and the IT team feel pretty helpless when they know the right thing to do, but since they're on the bottom, it's promptly ignored by people who don't have the awareness of security. Been there, done that, hehe....
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  10. #20
    Junior Member
    Join Date
    Sep 2002
    Posts
    22
    That was great it sounds like something that would happed to some high security place. Cause hell i know some people in the army if they found a usb drive or other they would plug it in to any puter they found to find out what was on it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •