Home Cascade Consulting Archives About AutoCAD History Page
Vasari Talk 24 - Introducing Autodesk FormIt and Vasari Beta 2
2013 Academy Award Nominees for Best Visual Effects Used Autodesk Software

Security Tip on USB Thumb Drives

09 January 2013

I know many of my friends are in Vegas this week for CES and thought I would point out one of the biggest threats to your computer and network, thumb drives. You see them at most trade shows or even just laying around in public like the one I found at the gym yesterday.

USB Thumb Drive left on Fitness Equipment

Many of the largest network compromises including governments, top secure military facilities, and even nuclear reactors have occurred because the bad guys have figured out people will grab these thumb drives (“sweet, free hardware”) and stick them into their machines without even a thought about it. The problem is some of the amazing free found USB thumb drives contain trojan software code that gets installed on your machine once inserted. After inserting a malicious USB thumb drive your machine and the security rights it has are provided to the malicious trojan thus the criminals or data stealing or damaging code can spread to your corporate and other networks.

You can even have a network breach/compromise without a target computer even connected to the web or network in a secure DMZ area by one person inserting that malicious thumb drive into a machine in that secure environment. I have seen at military bases where the USB ports on computers were actually epoxy glue filled so that nobody could insert any USB device.

Your USB port and Wi-Fi are two most insecure highways onto your computer besides executing unknown free software from the web.

Save yourself the potential problems and spend $15 for a thumb drive at the store, and always format before use. So just think when you see a free USB thumb drive sitting on a chair or on a table in public, it could be a big trap.

Be secure out there,

Shaan

Update: @Kitestyle_twit on Twitter pointed out one more good tip for mitigating the USB threat and that is disabling the autoplay setting on your computer. But the malicious USB could be placed in almost any computer, and not all will have autoplay disabled. Microsoft should disable it by default in a service pack.

 

USB Flash Drive Security from Wikipedia
http://en.wikipedia.org/wiki/USB_flash_drive_security

Posted on 09 January 2013 | | Comments (6)

Comments