Topics
General News Antivirus Reviews Network Defense Spyware Anti-Spam Phishing Scams Virus Alerts

Featured Product
Antivirus for your email server! Virus & content check mail with 5 virus scanning engines. Free 30 day trial available! Download Free Trial

Security Forums
Desktop Security Malware Removal Help Spam Blocking Patches and Hotfixes Network Security Firewalls and Routers Intrusion Detection Web Proxies Antivirus Support Symantec McAfee Trend Micro Other Antivirus

Quick Resources
About Antisource Malware Threats Triangle Free Virus Scan Virus Map

"Unpreventable" Security Exploits

Monday, June 19, 2006
Author: Jason N. Gaylord
Permalink: planted-usb-drive-trojan

General News

One of my colleagues, Steven Smith from ASPAlliance, pointed out an article to me involving an "unpreventable" security exploit. In short, a group of consultants were hired to assess security at a credit union. They planted some USB pen drives with a white trojan providing information to the network. Employees then found the drives, picked them up, and plugged them into their PCs [FULL ARTICLE]. Not good. This is one type of an "unpreventable" security exploit. I say its unpreventable because IT cannot prevent this. Rather, its the employees responsibility to learn what is acceptable and what is not. This is just one of the hardships that many IT professionals run into. It's not always a hole in the operating system or a virus in an email.

&quot;Unpreventable&quot; Security Exploits
Authored by: mechBgon on Thursday, June 29, 2006

It would be interesting to know the exact methodology used by the whitehats. I'd bet it's plenty preventable. Run Only Allowed Windows Applications whitelist? Disallowed-by-default Software Restriction Policy? No password hashes?

It does underscore the vulnerabilities brought on by employees + technology.
Reply to This