Re: [Full-Disclosure] USB Auto run function
From: Harlan Carvey (keydet89 yahoo.com)
Date: Thu Jun 17 2004 - 08:35:28 CDT
> I have been interested in a potential exploit that may or may not be an
> issue, I read lately that a potential malicious file could enter a system
> via a USB Memory stick with a structured autorun.pif, and this file would
> operate even if the screen lock is activated.

This is an interesting topic of discussion. Like one
poster, I first saw this in the most recent issue of
2600. I began looking into it, and almost immediately
came up with this particular MS KB article:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;136214

As you can see, KB136214 states pretty clearly that
*by default*, autorun.inf file processing is NOT
enabled for USB-connected thumb drives. I haven't
tested it myself, but another poster has stated that
while items in the "open=" line may not be launched,
the "icon=" line seems to be processed.

I read Gadi's comments:
http://catless.ncl.ac.uk/go/risks/23/41/4

I had some questions for Gadi, and fired off an email
but have yet to hear back.

While I do agree wholeheartedly that USB-connected
devices are definitely an issue within a network
infrastructure, it's not yet clear to me that they pose
the threats that have been presented.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
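
The message above distinguishes the "open=" line of autorun.inf (names a command) from the "icon=" line (names a file that is only read). The following is an added example, not part of the original post: a small auditor that lists what the [autorun] section of a removable drive's autorun.inf refers to. The function names and the sample file are constructed for illustration; "shellexecute=" and "shell\<verb>\command=" are other autorun.inf keys that name a command and are not mentioned in the post.

```python
# Added example: audit the [autorun] section of an autorun.inf file.
# SAMPLE is constructed for illustration; it is not taken from the post.
SAMPLE = r"""
[AutoRun]
; constructed sample
OPEN=tools\setup.exe /s
Icon=tools\setup.exe,0
label=Backup
shell\explore\command=tools\setup.exe
[Other]
open=ignored.exe
"""

def parse_autorun(text):
    """Yield (key, value) pairs from the [autorun] section, keys lower-cased."""
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, _, value = line.partition("=")
            yield key.strip().lower(), value.strip()

def classify(key):
    """'launch' keys name a command; 'load' keys name a file that is only read."""
    if key in ("open", "shellexecute"):
        return "launch"
    if key.startswith("shell\\") and key.endswith("\\command"):
        return "launch"
    return "load" if key == "icon" else "other"

def audit(text):
    """Return (kind, key, target) for every entry in the [autorun] section."""
    findings = []
    for key, value in parse_autorun(text):
        kind = classify(key)
        if kind == "load":
            # icon=file[,index]: drop the optional numeric icon index
            path, sep, index = value.rpartition(",")
            if sep and index.strip().lstrip("-").isdigit():
                value = path.strip()
        findings.append((kind, key, value))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Entries reported as "load" are worth reviewing alongside "launch" entries, since the post relays a report that the "icon=" line is processed even where "open=" is not.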