Slashdot Mirror

← Back to Stories (view on slashdot.org)

Yet Another "People Plug In Strange USB Sticks" Story

Posted by CmdrTaco on Wednesday June 29, 2011 @03:27AM from the gets-me-going dept.

Bruce Schneier's blog has a bit about a subject that gets my blood boiling too. He says "I'm really getting tired of stories like this: Computer disks and USB sticks were dropped in parking lots of government buildings and private contractors, and 60% of the people who picked them up plugged the devices into office computers... People get USB sticks all the time. The problem isn't that people are idiots... The problem is that the OS trusts random USB sticks."

1 of 639 comments (clear)

Min score:

Reason:

Sort:

Re:Windows by fuzzyfuzzyfungus · 2011-06-29 04:24 · Score: 5, Informative

Unfortunately, while this does preclude the lowest form of hackers, the ones with firmware-level access can still do their thing...

The most famous example are those fuckers at U3. In order to allow the delight of having an autorunning launcher pop up and annoy you every time you pop a flash drive in, they produced a little firmware modification that causes the flash drive to show up as a composite device containing one flash drive, and one CD-ROM. Since autoplay is generally still enabled on CDs, the CD contained the payload that executed the launcher.

They, as a commercial venture, weren't truly bent on malware-style evil; but they provide a good example of how it could be done.