Yet Another "People Plug In Strange USB Sticks" Story 639
Bruce Schneier's blog has a bit about a subject that gets my blood boiling too. He says "I'm really getting tired of stories like this: Computer disks and USB sticks were dropped in parking lots of government buildings and private contractors, and 60% of the people who picked them up plugged the devices into office computers... People get USB sticks all the time. The problem isn't that people are idiots... The problem is that the OS trusts random USB sticks."
not just autorun! (Score:5, Interesting)
autorun is NOT the only problem.
The most insidious thing I have seen in this department is little usb sticks that are built into advertising. When inserted, they just act like a keyboard instead of removable media. On windows, it opened up my Run dialog and typed in the URL of the site the advertiser wanted me to go to. With me logged in as an admin, just imagine what else it could have typed into that box.
Re:Only one way to fix this (Score:2, Interesting)
Came here to post the same thing. I found a USB stick in a restaurant near a college campus. I plugged it in to see if I could identify the owner to return. Yes, I realize the dangers of accessing strange memory. Why do you think I used my computer at work rather than expose my home system?
I blame the corporate IT folks. If you don't want people using the USB ports on your computers, why do you your computers have functioning USB ports?
Re:not just autorun! (Score:2, Interesting)
And yes they already use sending keyboard commands over usb to attack networks for example in a mouse [theregister.co.uk]