Thursday, June 15, 2006

Social Engineering + USB Flash Drive = Dynamity Penetration!

This penetration method did impress me a lot! Get some USB drives, plan Trojans, enable autorun and scatter them where employeer can find them - next day you are an "insider" :-)

Dark Reading - Host security - Social Engineering, the USB Way - Security: "Of the 20 USB drives we
planted, 15 were found by employees, and all had been plugged into company computers. "

2 comments:

Anonymous said...

The one part that gets me is the "enable autorun" part...how is that done, if it's not enabled by default?

Harlan
http://windowsir.blogspot.com

Anton Chuvakin said...

Hmmm, I guess I goofed up; I suspect the original info was "have it already enabled"

I am not aware of any way to enable autorun FROM the removable media....

Dr Anton Chuvakin