lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <6450e99d0804301747q3e581603q58391375f7786804@mail.gmail.com>
Date: Thu, 1 May 2008 10:47:52 +1000
From: "Ivan ." <ivanhec@...il.com>
To: coderman <coderman@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Microsoft device helps police pluck
	evidencefrom cyberscene of crime

more info

http://www.news.com/8301-10789_3-9932600-57.html?tag=blog.promos

On Thu, May 1, 2008 at 9:00 AM, coderman <coderman@...il.com> wrote:
> On Wed, Apr 30, 2008 at 2:17 PM, Rob Thompson
>  <my.security.lists@...il.com> wrote:
>
> > ...
>  >  > Meaning if you disable autorun on all USB/Firewire/"hot-plug" devices
>  >  > does it potentially eliminate this threat?
>  >
>  >  I doubt it.  They probably have something coded into the device that
>  >  works with something "special" within Windows.  But again, just an
>  >  assumption.  I haven't gotten my paws on one of these yet.  Though I'm
>  >  sure that it you look hard enough, it can be found.
>
>  you'd have to epoxy over those ports.  putty epoxy in the USB,
>  firewire, PCCard , and related slots.  it's been done, for regulatory
>  compliance.  works great.  gets your hands messy.
>
>  but seriously, who will take such measures on their home PC?
>
>  last but not least, the cold boot disk encryption attacks showed how
>  even the plugged ports could be worked around with a quick reboot and
>  a can of keyboard cleaner...
>
>
>
>  _______________________________________________
>  Full-Disclosure - We believe in it.
>  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>  Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ