Topics
General News Botnets Exploit Kits Antivirus Reviews Network Defense Spyware Anti-Spam Phishing Scams Virus Alerts

Security Forums
Desktop Security Malware Removal Help Spam Blocking Patches and Hotfixes Antivirus Support Network Security General Security Current Threats Firewalls and Routers Intrusion Detection Web Proxies Vulnerability Assessment

Quick Resources
About Antisource Malware Threats Triangle What is my IP?

"Unpreventable" Security Exploits

Monday, June 19, 2006
Author: Jason N. Gaylord
Permalink: planted-usb-drive-trojan

General News

One of my colleagues, Steven Smith from ASPAlliance, pointed out an article to me involving an "unpreventable" security exploit. In short, a group of consultants were hired to assess security at a credit union. They planted some USB pen drives with a white trojan providing information to the network. Employees then found the drives, picked them up, and plugged them into their PCs [FULL ARTICLE]. Not good. This is one type of an "unpreventable" security exploit. I say its unpreventable because IT cannot prevent this. Rather, its the employees responsibility to learn what is acceptable and what is not. This is just one of the hardships that many IT professionals run into. It's not always a hole in the operating system or a virus in an email.
Read the full article at "Unpreventable" Security Exploits

&quot;Unpreventable&quot; Security Exploits
Authored by: mechBgon on Thursday, June 29, 2006

It would be interesting to know the exact methodology used by the whitehats. I'd bet it's plenty preventable. Run Only Allowed Windows Applications whitelist? Disallowed-by-default Software Restriction Policy? No password hashes?

It does underscore the vulnerabilities brought on by employees + technology.
Reply to This