A site devoted to discussing techniques that promote quality and ethical practices in software development.

Saturday, January 17, 2009

Next time you find a USB drive lying around beware...

This experiment reported here shows that there is no free lunch:
....Steve Stasiukonis of Secure Network Technologies during a penetration test for a customer. He seeded the customer's parking lot with USB flash drives, each of which had a Trojan horse installed on it. When the employees arrived for work in the morning, they were quite excited to find the free gadgets laying around the parking lot. Employees eagerly collected the USB drives and plugged them into the first computers they came across: their own workstations.
Maybe some employees were wise enough to ignore these USB drives, and perhaps some of the USB drives were discarded, but it really only took one user with one drive to infect his own system and provide a gateway into the network. Stasiukonis did this exercise as a test, of course, but this technique has been used by real criminals to infiltrate large corporate networks.

No comments:

Blog Archive