<quote who="K.S. Bhaskar">
> > chuck5566 wrote:
>> "I would have loved to be on the inside of the building watching as
>> people started plugging the USB drives in, scouring through the
>> planted image files, then unknowingly running our piece of software."
>>
>> I suspect it wasn't autorun, this time, based on the last part of that
>> sentence from the article's author.
> [KSB] If it wasn't autorun, that's even scarier!
There are several ways this can be done. If a person is viewing directories in thumbnail view, they probably wouldn't easily be able to tell the difference between an .exe and a .jpg. By default file extensions are hidden in Windows XP (as they were in 98).

The other thing they could have used is this:
http://www.us-cert.gov/cas/techalerts/TA04-260A.html
Although it was patched in SP2, you would be surprised at how many businesses are not updated. Also, even though you have SP2, you still have to patch MS Office (if you use it) to be semi-safe.

Then there was this:
http://www.ciac.org/ciac/bulletins/q-085.shtml
which was known about for about a year before it was patched.

The real problem is that company had no system level security in place. Didn't have any Internet port security and didn't do any traffic analysis... Users should not be able to execute unauthorized code. Personal firewalls should prevent rogue programs from accessing the network. The border firewall should have all outbound ports blocked except 80 and that should go through a transparent proxy. Proxy data should be analyzed and blocked in real time. I could go on and on.

In the end, a financial institution should be more secure. You wouldn't and shouldn't expect that kind of attack to fail at your average company. Financial institutions need better security because they are targets more often.

The biggest threat is keyloggers. Very hard to fix that problem. Especially if you use a wireless keyboard...
http://www.techweb.com/wire/security/159901593

Internet security is so undervalued. <sniff> <sniff> I guess that's why I'm so poor. :)
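The hidden-extension point in the message above can be checked from the defender's side. This is an added example, not part of the original message: it audits a directory tree (for instance a mounted removable drive) for files whose leading bytes say "Windows executable" while the name says otherwise, and it goes one step further to flag names that display as an image once the final extension is hidden. The extension sets and the sample file names are assumptions chosen for illustration.

```python
import os
import tempfile

# Leading bytes ("magic numbers") of a few common formats.
MAGIC = {b"MZ": "pe-executable", b"\xff\xd8\xff": "jpeg",
         b"\x89PNG\r\n\x1a\n": "png", b"GIF8": "gif"}
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}   # assumed list
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}             # assumed list

def sniff(path):
    """Return the content type implied by the file's first bytes, or None."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return None

def audit(root):
    """Walk root; return (relative path, reason) for names that mislead a user."""
    findings = []
    for folder, _dirs, names in os.walk(root):
        for name in sorted(names):
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root)
            stem, ext = os.path.splitext(name.lower())
            if sniff(path) == "pe-executable" and ext not in EXEC_EXTS:
                findings.append((rel, "executable content behind '%s' name" % ext))
            elif ext in EXEC_EXTS and os.path.splitext(stem)[1] in IMAGE_EXTS:
                findings.append((rel, "shows as '%s' when extensions are hidden" % stem))
    return findings

def build_sample(root):
    """Constructed sample contents: harmless stub bytes, not real programs."""
    samples = {
        "beach.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,  # genuine JPEG header
        "party.jpg": b"MZ" + b"\x00" * 16,                # PE header, image name
        "photo.jpg.exe": b"MZ" + b"\x00" * 16,            # displays as photo.jpg
        "setup.exe": b"MZ" + b"\x00" * 16,                # honestly named executable
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        build_sample(drive)
        for rel, reason in audit(drive):
            print(rel, "->", reason)
```

A check like this only reports; the control the message asks for, that users cannot execute unauthorized code, still has to be enforced by operating system policy.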