-
June 9th, 2006, 10:09 PM
#1
This is simply brilliant
Oh the humanity..
A SECURITY outfit found the easiest way to crack into a company's systems was to leave a few Trojan laced USB drives scattered around the front door.
More at source:
http://www.theinquirer.net/?article=32311
Antionline in a nutshell
\"You\'re putting the fate of the world in the hands of a bunch of idiots I wouldn\'t trust with a potato gun\"
Trust your Technolust
-
June 9th, 2006, 10:25 PM
#2
Very funny...
Very sad...
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
June 9th, 2006, 10:30 PM
#3
Junior Member
haha indeed brilliant
except, the employees did know there was an attacked planned.
So if i was an employee of that company and i would find an usb stick
and so did 14 others, i would get suspicious
But that's me i guess ...
... paranoid
-
June 9th, 2006, 10:36 PM
#4
Lol back in my electronic prankster days I used to do this with Floppy disks. Not anything new but certainly fun to watch when the employees already knew.
-
June 9th, 2006, 11:02 PM
#5
Hmmmm,
The company obviously has an inadequate security policy, or certainly one that is not enforced properly.
I know quite a few places where taking an external device on site and attaching it to the organisation's kit would get you fired.
Let's face it, if you have a lousy policy and lousy enforcement you are vulnerable, period.
Not so much a case of "if" but "when"?
-
June 12th, 2006, 10:37 AM
#6
I had a good think about this one.
We've not considered USB drives to be a significant risk over and above anything else. Especially for information theft data can be emailed out, printed out, written to CD etc etc.
For malware we didn't consider USB drives to be a greater risk than staff bringing in CDs or floppies.
As for sticking them into the PC, I've got to admit that until that story I would have stuck the drive in to find out the owner. CD autoboot is blocked by default and I would have assumed that USB autoboot was also blocked. But it isn't.
I've got some of our guys looking into blocking of the autoboot function hopefully something that can be done without purchasing software.
We might need to modify policy to more explicitly oppose plugging in untrusted devices.
-
June 12th, 2006, 12:28 PM
#7
The specially written trojan that collected passwords, logins and machine-specific information from the user’s computer, and then emailed the company with the findings. Stasiukonis said that the attack was so simple and beat the hell out of hanging out with the smokers, sweet-talking receptionists, or commandeer a meeting room and jack into the network.
Haha, that's great...maybe Kevin Mitnick could learn a bit about this level of social engineering?
On a serious note, something like that isn't surprising at all (how sad is that?). In this day and age of ease-of-use, people sacrifice security for convenience. If people had to pass a computer IQ test before owning a laptop or PC, not only would we have smarter users but we'd also have no job, haha... It's like pro-creating...just because two people can doesn't mean it's the best idea.
At work we've removed the floppy and usb devices by disabling them in the bios which is also password-protected. Prevents a lot of nasties coming into the workplace but also keeps data at the workplace to a better degree. Now if we could only block hotmail, yahoo mail, and any other free webmail service, it'd be a lot more locked down but that's almost prohibitive.
We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.
-
June 12th, 2006, 01:00 PM
#8
Originally posted here by Aspman
I've got some of our guys looking into blocking of the autoboot function hopefully something that can be done without purchasing software.
I think that there's a registry tweak to block it.
-
June 12th, 2006, 01:44 PM
#9
haha indeed brilliant
except, the employees did know there was an attacked planned.
So if i was an employee of that company and i would find an usb stick
and so did 14 others, i would get suspicious
But that's me i guess ...
... paranoid
I don't know if this is the case, but perhaps when the employees were warned about an attack, they were envisioning some cracker at a keyboard trying to break in. In any event, it seems this company needs to do some serious threat awareness training (besides, of course, disabling access for this kind of device).
For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
(Romans 6:23, WEB)
-
June 12th, 2006, 02:27 PM
#10
I think that there's a registry tweak to block it.
TheHorse13 posted the registry edit here
http://www.antionline.com/showthread...&highlight=usb
I believe vista has a way to disable it built in....
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|