|
|
"Unpreventable" Security Exploits
Monday, June 19, 2006
Author: Jason N. Gaylord
Permalink: planted-usb-drive-trojan
|
General News
|
|
One of my colleagues, Steven Smith from ASPAlliance, pointed out an article to me involving an "unpreventable" security exploit. In short, a group of consultants were hired to assess security at a credit union. They planted some USB pen drives with a white trojan providing information to the network. Employees then found the drives, picked them up, and plugged them into their PCs [FULL ARTICLE]. Not good. This is one type of an "unpreventable" security exploit. I say its unpreventable because IT cannot prevent this. Rather, its the employees responsibility to learn what is acceptable and what is not. This is just one of the hardships that many IT professionals run into. It's not always a hole in the operating system or a virus in an email.
Read the full article at "Unpreventable" Security Exploits
|
"Unpreventable" Security Exploits
Authored by: mechBgon on Thursday, June 29, 2006
It would be interesting to know the exact methodology used by the whitehats. I'd bet it's plenty preventable. Run Only Allowed Windows Applications whitelist? Disallowed-by-default Software Restriction Policy? No password hashes?
It does underscore the vulnerabilities brought on by employees + technology.
Reply to This
|
|