 |  |  |  |  |  |  |  |
Second hand security slip-up down under
Reports are filtering through that delegates at the annual Australian AusCERT security conference were given USB sticks replete with malware. It would appear that the Oz telco Telstra handed out the memory sticks, unware of the malware payload, during a security tutorial of all things.
The malware apparently took advantage of the Windows autorun feature in order to transfer itself onto whatever host the stick got plugged into, well whatever Windows host that is. As luck would have it, the particular malware in question is only rated as being a low risk according to McAfee which has examined one of the rogue devices.
Being a journalist who specializes in IT security pretty much these days, and so who gets to attend a lot of security conferences, I cannot say I am altogether surprised. I have lost count of the number of such events where I have been able to quickly scan and detect numerous unsecured wireless networks and where 'researchers' attend with the express intention of finding such security holes and jumping in with both feet to see what resources can be compromised. Often it is the people who should know best who seem most liable to suffer from complacency, and security conferences are a great example of this genre of should have known better syndrome.
I was at a huge security conference in Europe last year where the press room had open terminals for use by journalists to file reports, check email and do whatever research needed doing in the press room between interviews. Sitting down to take my place after a very high profile and very highly respected IT security writer I was bemused to find myself able to access his Gmail web based email account in its entirety as he had forgotten that this was a public terminal and therefore had not flushed the browser cache to delete his login data. I fired up the default IE browser, navigated over to Gmail and found myself sitting at his login prompt with autocomplete happily going about completing his login information for me.
I have seen USB memory sticks used in all sorts of security exploits as well, not least in the case of so called 'seeding' where infected sticks are left on desks or even pavements in strategic locations, just waiting for the one employee of the target organization who cannot resist the urge to see what is on there to insert it into a desktop machine.
So you could say I am not easily surprised, but what does surprise and rather shock me about this particular case in Australia is that the USB sticks being distributed by a large telco were apparently pre-owned, second-hand ones. I mean, how cheap do you have to be to use pre-owned USB sticks? These things are so cheap brand new that you will be finding them in Xmas crackers soon...
The malware apparently took advantage of the Windows autorun feature in order to transfer itself onto whatever host the stick got plugged into, well whatever Windows host that is. As luck would have it, the particular malware in question is only rated as being a low risk according to McAfee which has examined one of the rogue devices.
Being a journalist who specializes in IT security pretty much these days, and so who gets to attend a lot of security conferences, I cannot say I am altogether surprised. I have lost count of the number of such events where I have been able to quickly scan and detect numerous unsecured wireless networks and where 'researchers' attend with the express intention of finding such security holes and jumping in with both feet to see what resources can be compromised. Often it is the people who should know best who seem most liable to suffer from complacency, and security conferences are a great example of this genre of should have known better syndrome.
I was at a huge security conference in Europe last year where the press room had open terminals for use by journalists to file reports, check email and do whatever research needed doing in the press room between interviews. Sitting down to take my place after a very high profile and very highly respected IT security writer I was bemused to find myself able to access his Gmail web based email account in its entirety as he had forgotten that this was a public terminal and therefore had not flushed the browser cache to delete his login data. I fired up the default IE browser, navigated over to Gmail and found myself sitting at his login prompt with autocomplete happily going about completing his login information for me.
I have seen USB memory sticks used in all sorts of security exploits as well, not least in the case of so called 'seeding' where infected sticks are left on desks or even pavements in strategic locations, just waiting for the one employee of the target organization who cannot resist the urge to see what is on there to insert it into a desktop machine.
So you could say I am not easily surprised, but what does surprise and rather shock me about this particular case in Australia is that the USB sticks being distributed by a large telco were apparently pre-owned, second-hand ones. I mean, how cheap do you have to be to use pre-owned USB sticks? These things are so cheap brand new that you will be finding them in Xmas crackers soon...
Similar Threads
- using c++ file handling write a salary slip (C++)
- AVG not healing viruses + Security Alerts not recognising security software (Viruses, Spyware and other Nasties)
- error c2296: '/': "left hand"; :c2297: "right hand" illegal.... (C++)
- reformatting and pain. must the 2 go hand in hand? (Windows 95 / 98 / Me)
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Network Security Posts
- Today's Posts
- Unanswered Threads
advertising age amd apple avatar bluegene botnet browser business cellphone censorship china chips copyright crime data database development dos downloads economy email encryption energy enterprise europe facebook firefox gadget games gaming google government hacker hacking hardware ibm ibm.news intelibm internet iphone ipod itunes law legal linux mac malware marketing mcafee medicine memory microsoft mobile mozilla music news openoffice opensource os pc phishing piracy porn privacy ps3 recession redhat report research russia search security sex socialnetworking software spam sun supercomputer supercomputing survey technology trends trojan twitter ubuntu uk usb video virus vista web windows windows7 working worm x86 xbox yahoo youtube
