I have heard about the “USB Token Penetration Test Experiment” that is reported on the searchsecurity.techtarget.com site. It illustrates how risky USB tokens are, not just to enterprises, but to everyone.

Did you know that if a USB token has an “autorun” file on it, that file will execute automatically as soon as it is inserted?

That program will have all the rights of the user who is logged in at the time, and it could have access to every file on the system. This is one reason why many enterprises disable USB token access.

At the very least, you should always disable “autorun” for any CDs or removable drives, and if you must use a USB token, make sure you know that it’s trusted, or use your own.

- Scott