Threat from USB Thumb Drives


  • #16
    Originally posted by james2go30
    The site I work at is a beach resort condominium complex...it's not got any classified governmental stuff here...is this device still a problem for us...like info on f/d PCs that could be used for identity theft? Just curious.
    These devices present a potential problem for any PC to which unauthorized people might have physical access and that have "active" or "live" USB ports, as most do...most of them now being located right on the front of the machine for easy access, in fact. Identity theft is, of course, one possible form of attack. It's amazing how different software can "litter" the computer's hard drive with different kinds of "backup" files, etc. that the user does not even know anything about...but savvy hackers do. These so-called "temporary" files are often left out of the user's encryption process, by the way. And, of course, some will carry away even encrypted files to be cracked later at leisure. Encryption alone is not the "savior" some presume it to be, and must be integrated with many other elements of security in order to be effective against all but the most casual of attacks.

    As I also explained, the PC can be used as a "host" whereby the individual attaches the thumb drive containing a complete operating system and other utilities and application software. They "boot" into the OS on the thumb drive and then "leech" onto a network (which might be the Internet, for instance) and conduct their activities, which might be illegal (for instance, transferring kiddie photo files, or accessing a remote server using the host PC's "trusted" IP address) without leaving a trace behind other than some very vague logfile entries on the host and ISP systems, if that, (and even these vapor trails would simply point to the innocent host!)

    This offers the prospect, for instance, of a terrorist conducting activities over the Internet using available machines such as those found in public libraries and universities, or any other PC they can access, and then simply walking away with the evidence of his activity in his pocket, not left on the host.

    Other possibilities include the ability to use the thumb drive to install a "back door" to the host. The individual does nothing more than this while physically "on site", so the attack might only take a couple of minutes. Then, they leave and will access the compromised host remotely from another place - perhaps halfway around the world - at a later time.

    The bottom line is that every PC, no matter who owns it or where it's located, should be secured from unauthorized physical access when not in use or under direct authorized supervision. We know this to be true for many other reasons, but still we don't do it.

    And the problem is made all the more complex by laptops and other portable systems. I was in a restaurant restroom not long ago and saw that a man had parked his laptop on a wall shelf while he used one of the stalls. It's hard to believe that anyone who has been even semi-conscious over the last few years would still be so ignorant about all the security breaches he was committing...but some are, or maybe they just don't care. After all, it's just the company laptop, not theirs!
    Last edited by SecTrainer; 01-14-2007, 11:40 AM.
    "Every betrayal begins with trust." - Brian Jacques

    "I can't predict the future, but I know that it'll be very weird." - Anonymous

    "There is nothing new under the sun." - Ecclesiastes 1:9

    "History, with all its volumes vast, hath but one page." - Lord Byron



    • #17
      Some might recall a video I posted on another thread. After reading this thread the actions of those police officers at UCLA seem A LOT more than justifiable...
      ~Super Ninja Sniper~
      Corbier's Commandos

      Nemo me impune lacessit

      Grammical and Spelling errors may occur form time to time. Yoov bin worned



      • #18
        This has been an issue for quite a while now, not just in this industry. The best way to remove this option is to simply set system policies disabling all USB drives and an automated message once a third-party hardware device is just installed.



        • #19
          From what I am reading here then, computer security must follow/use the same wording as physical security but meaning different things to lessen this exposure.

          Barriers
          Controls
          Supervision
          Quote me as saying I was mis-quoted.
          Groucho Marx



          • #20
            Originally posted by SecTrainer
            These devices present a potential problem for any PC to which unauthorized people might have physical access and that have "active" or "live" USB ports, as most do...
            Very true. It is not only the USB Drives, but virtually any two-way communication device that can run a password extraction, cookie grab or history grab application. Think about it; you probably use one every day.

            "Hey there, can I charge my iPod on your computer?"
            "Sure"
            [he plugs it in; the iPod runs an embedded app and retrieves the user's password list]

            There are many such exploits run each day. While your ISM staff is requiring you to physically search bags and protect against laptop theft, there are far more opportunities to get data for an exploit...
            Best regards, Steve Surfaro
            Panasonic Systems Solutions / Strategic Technical Liaison



            • #21
              Originally posted by stevesurf
              Very true. It is not only the USB Drives, but virtually any two-way communication device that can run a password extraction, cookie grab or history grab application. Think about it; you probably use one every day.

              "Hey there, can I charge my iPod on your computer?"
              "Sure"
              [he plugs it in; the iPod runs an embedded app and retrieves the user's password list]

              There are many such exploits run each day. While your ISM staff is requiring you to physically search bags and protect against laptop theft, there are far more opportunities to get data for an exploit...
              Flash memory cards for instance? Like Secure Digital Cards? Or XD Cards?
              ~Super Ninja Sniper~
              Corbier's Commandos

              Nemo me impune lacessit

              Grammical and Spelling errors may occur form time to time. Yoov bin worned



              • #22
                Beware Free Thumb Drives:

                I recently ran into a very interesting article where a security company was asked to assess network security for a credit union. They wrote a trojan program and installed it on some thumb drives. They then figured out a way to get the thumb drives into the hands of employees. Guess what happens next!
                I recommend that you read this article for yourselves. Genuine hackers could have done some serious damage. They could have possibly had client account numbers emailed to them!

                Here's a link to the article:
                http://www.darkreading.com/document....556&print=true
                Nine Eleven Software: http://www.nineelevensoftware.com
                Affordable Law Enforcement Software: Mobile Police RMS with Electronic Report Writing, Case Management and Document Imaging, Booking System, Property and Evidence, Grant Management, HR and More.
