Topics
General News Antivirus Reviews Virus Alerts Spyware Anti-Spam Phishing

Featured Product
Antivirus for your email server! Virus & content check mail with 5 virus scanning engines. Free 30 day trial available! Download Free Trial

Antivirus Forums
Forum Index General Topics Antivirus Software Malware Removal Help Security Topics General Security Discussion Spam/Email Topics Firewalls and IDS Patches/Hotfixes/Exploits Web Filtering and Proxies

Quick Resources
About Antisource Malware Threats Triangle Free Virus Scan Virus Map

Popular Articles
VX2 Malware CoolWebSearch Antimalware Mini-Roundup Review of 11 Popular AV NewDotNet

"Unpreventable" Security Exploits

Monday, June 19, 2006
Author: Jason N. Gaylord
Permalink: planted-usb-drive-trojan

General News

One of my colleagues, Steven Smith from ASPAlliance, pointed out an article to me involving an "unpreventable" security exploit. In short, a group of consultants were hired to assess security at a credit union. They planted some USB pen drives with a white trojan providing information to the network. Employees then found the drives, picked them up, and plugged them into their PCs [FULL ARTICLE]. Not good. This is one type of an "unpreventable" security exploit. I say its unpreventable because IT cannot prevent this. Rather, its the employees responsibility to learn what is acceptable and what is not. This is just one of the hardships that many IT professionals run into. It's not always a hole in the operating system or a virus in an email.

&quot;Unpreventable&quot; Security Exploits
Authored by: mechBgon on Thursday, June 29, 2006

It would be interesting to know the exact methodology used by the whitehats. I'd bet it's plenty preventable. Run Only Allowed Windows Applications whitelist? Disallowed-by-default Software Restriction Policy? No password hashes?

It does underscore the vulnerabilities brought on by employees + technology.
Reply to This