Slashdot Mirror

← Back to Stories (view on slashdot.org)

USB Autorun Attacks Against Linux

Posted by CmdrTaco on from the don't-put-strangers-in-there dept.

Orome1 writes "Many people think that Linux is immune to the type of Autorun attacks that have plagued Windows systems with malware over the years. However, there have been many advances in the usability of Linux as a desktop OS — including the addition of features that can allow Autorun attacks. This Shmoocon presentation by Jon Larimer from IBM X-Force starts off with a definition of autorun vulnerabilities and some examples from Windows, then jumps straight into the Linux side of things. Larimer explains how attackers can abuse these features to gain access to a live system by using a USB flash drive. He also shows how USB as an exploitation platform can allow for easy bypass of protection mechanisms like ASLR and how these attacks can provide a level of access that other physical attack methods do not." I've attached the video if you are curious. Skip the first 2 minutes if you don't care where the lost and found is.

5 of 274 comments (clear)

  1. Re:The price of easy and automatic by Vanderhoth · · Score: 5, Informative

    I agree with you. Although, based on what I saw in the clips I was viewing the attacks seem to be more related to fancy sloppy interfaces such as auto loading thumbnails of pictures stored on a USB drive. Not so much because *nix is idiot proof, but because there is more of a focus on making a nice looking interface instead of a secure ok looking interface.

    I could be wrong.

  2. Re:The price of easy and automatic by asvravi · · Score: 4, Informative

    User-friendly
    Secure
    Functional

    Pick any two...

  3. OT: MS instructions for controlling in Windows by behindthewall · · Score: 4, Informative

    Maybe OT, but here's MS's information for controlling this "feature" in Windows.

    There've been various sets of instructions and registry hacks floating around, but this appears to be from the horse's mouth, relatively recently updated, and addresses some of the shortcomings of previous fixes.

    Article ID: 967715 - Last Review: September 9, 2010 - Revision: 6.2
    How to disable the Autorun functionality in Windows

    http://support.microsoft.com/kb/967715

    (I'm posting this due to the confusion all the various instructions / search results can create, and because this article addresses Autoruns and so I expect a number of Windows users will be having a look out of curiosity.)

  4. Re:Exactly by Nimey · · Score: 4, Informative

    Did you ever use the original Vista? Ever use Ubuntu or OSX from the same time period? Vista's prompt was a lot more annoying, because for some operations it would go off several times, while for the other two it'd ask you ONCE and then get the hell out of the way. Ubuntu would even remember your sudo credentials for a few minutes so you could do other tasks as root. Really a superior design.

    They made it less annoying with SP2 and again with Win7, yes, but the original setup was shit.

    --
    Hail Eris, full of mischief...

    E pluribus sanguinem
  5. Re:Exactly by trickyD1ck · · Score: 4, Informative

    All UAC does is basically confirm with whomever is currently sitting at the computer (authorized or not) that they initiated some arbitrary action.

    Unless you are a limited-rights user. Then you have to enter admin credentials.