| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 Apr 2008 16:00:10 -0700 From: coderman <coderman@...il.com> To: "Rob Thompson" <my.security.lists@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Microsoft device helps police pluck evidencefrom cyberscene of crime On Wed, Apr 30, 2008 at 2:17 PM, Rob Thompson <my.security.lists@...il.com> wrote: > ... > > Meaning if you disable autorun on all USB/Firewire/"hot-plug" devices > > does it potentially eliminate this threat? > > I doubt it. They probably have something coded into the device that > works with something "special" within Windows. But again, just an > assumption. I haven't gotten my paws on one of these yet. Though I'm > sure that it you look hard enough, it can be found. you'd have to epoxy over those ports. putty epoxy in the USB, firewire, PCCard , and related slots. it's been done, for regulatory compliance. works great. gets your hands messy. but seriously, who will take such measures on their home PC? last but not least, the cold boot disk encryption attacks showed how even the plugged ports could be worked around with a quick reboot and a can of keyboard cleaner... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists