Vladimir Ivanov ([info]ivlad) wrote,
@ 2007-02-13 05:56:00
Previous Entry  Add to memories!  Tell a Friend!  Next Entry
Current location:Boston
Entry tags:security

безопасность, говорите? ;) фаирволы и айдиэсами?..
As a research project, a consulting firm sent USB sticks to finance directors at 500 firms in the UK. The memory devices purported to be invitations to "the Party of a Lifetime" with an anonymous sender but were actually part of an experiment. Nearly half of the finance directors inserted the stick into company computers. Media companies fared the worst in the experiment, with 65 percent putting the memory stick into computers. At technology, retail and transportation companies, the figure was between 38 and 39 percent. The devices could be used to plant malware on computer systems.

http://www.vnunet.com/computing/news/2173365/uk-firms-naive-usb-stick


(Post a new comment)


[info]spb_nick
2007-02-13 06:57 am UTC (link)
Фу, тошно. Даешь мейнфреймы взад :)! Ну или на худой конец тупые терминалы :)

(Reply to this)(Thread)

[info]ivlad
2007-02-13 06:09 pm UTC (link)
дада.. одна компания тут подготовилась к победоносному возвращению телнета в мир... ;)

(Reply to this)(Parent)

[info]biomorph
2007-02-13 07:10 am UTC (link)
Ну да, человеческий фактор.

...head of penetration testing at NCC Group, says inserting the stick could have jeopardized sensitive information...
На флешке можно организовать автозапуск?

(Reply to this)(Thread)

[info]ivlad
2007-02-13 06:10 pm UTC (link)
> На флешке можно организовать автозапуск?

а то!

(Reply to this)(Parent)

[info]gamajun
2007-02-13 07:22 am UTC (link)
Мы (по ТЗ) такое должны были ловить ещё в 2003 году :-)

(Reply to this)

[info]paxvel
2007-02-13 08:23 am UTC (link)
http://www.darkreading.com/document.asp?doc_id=95556&WT.svl=column1_1

Of the 20 USB drives we planted, 15 were found by employees, and all had been plugged into company computers. The data we obtained helped us to compromise additional systems, and the best part of the whole scheme was its convenience. We never broke a sweat. Everything that needed to happen did, and in a way it was completely transparent to the users, the network, and credit union management.

(Reply to this)

[info]dil
2007-02-13 08:37 am UTC (link)
‘With USB sticks from an unknown source you should always run a virus check before you run any program.’

прэлэстно. А что туда подложат специально для вас написанный троян, который ни одним антивирусом не распознается, это всё фигня.

(Reply to this)(Thread)

[info]ivlad
2007-02-13 06:48 pm UTC (link)
ну, а как же ips, cisco secure agent и самая безопасная в мире ОС - windows vista? ;)))

(Reply to this)(Parent)

[info]pokemone
2007-02-13 02:51 pm UTC (link)
баян этот attack vector :)

я еще года три тому (как админством баловался) usb залепливал
юзаной жвачкой, уж извините за подробности :)

(Reply to this)

[info]pustota1
2007-02-14 10:13 am UTC (link)
Флэшка -- это флоппик сегодняшнего дня, так трудно понятъ?

(Reply to this)

Create an Account
Forgot your login?
Login w/ OpenID
English • Español • Deutsch • Русский…