[Informatics] Data security - USB attack

rb bouman.reinier.r at edumail.vic.gov.au
Tue Nov 22 07:41:09 AEDT 2016


And there are some attack/exploit variants on the "USB reports as a
keyboard, therefore MS-Windows will accept this device and security
isn't set up to scan keyboards".
Most notably the 'rubber ducky' and now its Arduino $1 and $3 equivalents.
Fun for the whole family. Is there a workaround? Maybe:
1. No USB policy at work.
2. If BIOS allows, disable all but 1 USB port [a real keyboard..]
3. Change OS


On 18/11/2016 1:56 PM, Mark wrote:
> You find a USB drive in your mailbox (a recent phenomenon in some
> Melbourne suburbs), perhaps with inviting promises attached.
>
> You plug it in to your computer. Because - hey! Free USB stick. That's
> gotta be worth 50c.
>
> ...AND you're toast.
>
> https://www.wired.com/2016/11/wickedly-clever-usb-stick-installs-backdoor-locked-pcs/
>
> "Today Kamkar released the schematics and code for a proof-of-concept
> device he calls PoisonTap: a tiny USB dongle that, whether plugged into
> a locked or unlocked PC, installs a set of web-based backdoors that in
> many cases allow an attacker to gain access to the victim’s online
> accounts, corporate intranet sites, or even their router. Instead of
> exploiting any glaring security flaw in a single piece of software,
> PoisonTap pulls off its attack through a series of more subtle design
> issues that are present in virtually every operating system and web
> browser, making the attack that much harder to protect against."
>
> Does *your* mailbox have a malware scanner?
>
> --
> Mark Kelly
>
> mark at vceit.com
> http://vceit.com
>
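An added example, not part of the original messages: a defender-side check for the "USB reports as a keyboard" problem raised in the reply above, which reviews the interface descriptors a device announces and flags keyboards that are not on an approved list. The device records, the allowlist and the finding names are constructed for illustration; the class codes are the standard USB-IF values.

```python
# Added example: flag USB devices that enumerate as keyboards without approval.
# Each interface is (bInterfaceClass, bInterfaceSubClass, bInterfaceProtocol).
HID_CLASS = 0x03           # Human Interface Device
BOOT_SUBCLASS = 0x01       # HID boot-interface subclass
KEYBOARD_PROTOCOL = 0x01   # boot protocol: keyboard
MASS_STORAGE_CLASS = 0x08

# Hypothetical allowlist of (vendor id, product id) for keyboards issued by IT.
# Caveat: both ids are reported by the device itself, so a match reduces
# noise but does not prove the device is genuine.
APPROVED_KEYBOARDS = {(0x1111, 0x0001)}

# Constructed sample records, shaped like what an inventory agent might collect.
SAMPLE_DEVICES = {
    "desk keyboard": {"vid": 0x1111, "pid": 0x0001,
                      "interfaces": [(0x03, 0x01, 0x01)]},
    "flash drive": {"vid": 0x2222, "pid": 0x0002,
                    "interfaces": [(0x08, 0x06, 0x50)]},
    "unknown keyboard": {"vid": 0x3333, "pid": 0x0003,
                         "interfaces": [(0x03, 0x01, 0x01)]},
    "stick that also types": {"vid": 0x4444, "pid": 0x0004,
                              "interfaces": [(0x08, 0x06, 0x50), (0x03, 0x00, 0x00)]},
}

def review(device):
    """Return the findings for one enumerated device record."""
    ifaces = device["interfaces"]
    hid = [i for i in ifaces if i[0] == HID_CLASS]
    approved = (device["vid"], device["pid"]) in APPROVED_KEYBOARDS
    findings = []
    if hid and not approved:
        # Non-boot HID interfaces can still send keystrokes; the subclass and
        # protocol fields only identify keyboards that use the boot protocol.
        boot_kbd = any(i[1] == BOOT_SUBCLASS and i[2] == KEYBOARD_PROTOCOL
                       for i in hid)
        findings.append("unapproved-keyboard" if boot_kbd else "unapproved-hid")
    if hid and any(i[0] == MASS_STORAGE_CLASS for i in ifaces):
        # Something sold as storage should not also present an input device.
        findings.append("storage-plus-hid")
    return findings

def review_all(devices):
    """Map device name -> findings, keeping only devices that were flagged."""
    results = {name: review(dev) for name, dev in devices.items()}
    return {name: f for name, f in results.items() if f}

if __name__ == "__main__":
    for name, findings in review_all(SAMPLE_DEVICES).items():
        print(f"{name}: {', '.join(findings)}")
```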


