lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040628085415.B99037@fingers.shocking.com>
Date: Mon, 28 Jun 2004 09:03:12 -0700 (PDT)
From: RSnake <rsnake@...cking.com>
To: Chris Withers <chris@...plistix.co.uk>
Cc: Gadi Evron <ge@...tistical.reprehensible.net>,
   Harlan Carvey <keydet89@...oo.com>, full-disclosure@...ts.netsys.com,
   bugtraq@...urityfocus.com
Subject: Re: Re: USB risks (continued)



	Of course it's not.  That's just Microsoft's explination.  There's no
good reason, just a vague distinction.  My only point is that it isn't a
reliable attack vector, unlike an onboard CDROMs (the media, not the device
must be removable).  Here is how Microsoft defines it on their usbfaq page
(sorry, the links are broken, I just cut and pasted from
http://www.microsoft.com/whdc/device/storage/usbfaq.mspx):

Q: What must I do to trigger Autorun on my USB storage device?
If you need to make a USB storage device that executes Autorun, the following
two conditions must both be true:

. Media must be marked as removable.

. The device can be set to either static or removable.

We associate the "removable" nature of a device with the bus that it resides
on. This means that a disk on an Integrated Device Electronics (IDE) or SCSI
bus would be considered fixed, whereas a disk on a USB or IEEE 1394 bus would
be regarded as removable by default. PnP uses a bit in the DEVICE_CAPABILITIES
structure to determine this. For more information, see the DEVICE_CAPABILITIES
Plug and Play Structure in the Windows DDK, located at
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/kmarch/hh/kmarch/k112_22r6.asp.

The "removable" nature of media is a property of the device. For example, in
the case of a CD-ROM or a ZIP drive, the medium can be removed without the
device itself going away, but on the other hand the medium and the disk cannot
be separated on static storage PC cards. We obtain this information by using
the StorageDeviceProperty request. For more information, see the
STORAGE_DEVICE_DESCRIPTOR Storage Structure in the Windows DDK, located at
http://msdn.microsoft.com/library/en-us/storage/hh/storage/k306_00qa.asp.


On Mon, 28 Jun 2004, Chris Withers wrote:

| Date: Mon, 28 Jun 2004 11:59:11 +0100
| From: Chris Withers <chris@...plistix.co.uk>
| To: RSnake <rsnake@...cking.com>
| Cc: Gadi Evron <ge@...tistical.reprehensible.net>,
|      Harlan Carvey <keydet89@...oo.com>, full-disclosure@...ts.netsys.com,
|      bugtraq@...urityfocus.com
| Subject: [Full-Disclosure] Re: USB risks (continued)
|
| RSnake wrote:
| > writeable, but the drives aren't removeable on CDs.  That of course isn't true
| > if you have a USB drive, but I think part of the deal there is that you need to
| > install special drivers to even read USB CD drives.
|
| ...that's not true ;-)
|
| Chris
|
| --
| Simplistix - Content Management, Zope & Python Consulting
|             - http://www.simplistix.co.uk
|
| _______________________________________________
| Full-Disclosure - We believe in it.
| Charter: http://lists.netsys.com/full-disclosure-charter.html
|

-R

The information in this email is confidential and may be legally
privileged.  It is intended solely for the addressee.  Access to
this email by anyone else is unauthorized.  If you are not the
intended recipient, any disclosure, copying, distribution or any
action taken or omitted to be taken in reliance on it is
expressly prohibited and may be unlawful.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ