silly password restrictions was: Re: [clug] secure remote access method
Alex Satrapa
alexsatrapa at mac.com
Mon Jun 22 01:13:20 GMT 2009
On 20/06/2009, at 17:04 , Robert Edwards wrote:
> The problem is your system allowing anyone to plug in an arbitrary
> USB device in the first place. That USB device could masquerade as a USB
> HID (ie. keyboard or mouse) and send arbitrary key sequences to your
> system (eg. "Windows key"->open Internet Explorer->type in a bad
> URL->Javascript downloads all your cookies or whatever->close IE...
> system compromised - could happen when you aren't looking...). It also
> wouldn't be _too_ hard to make such a device look like a Yubikey, but
> even easier to make it look like an innocent USB memory stick that
> someone accidentally left lying around...
Why go to all that effort when all you need to do is write a custom
program and an autorun.inf file that will do it all for you, and will
use the user's own USB memory stick?
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/02/15/BU47V0VOH.DTL&type=printable
http://blogs.msdn.com/e7/archive/2009/04/27/improvements-to-autoplay.aspx
Of course the "automatic keyboard macro" idea applies to other
operating systems too, but good luck getting them to work the same way
for the same keystrokes. Student project indeed!
Alex