Re: SciFi-like virus stories ?


The Natural Philosopher

Jan 14, 2010, 10:10:57 AM
J G Miller wrote:
> On Thu, 14 Jan 2010 01:38:51 -0800, Greegor wrote:
>
>> I know I shouldn't laugh, but I just couldn't help it!
>
> Well security on Micro$loth windoze systems is rather a laugh, is it not?
>
> If the USB key was plugged into a BSD or GNU/Linux system and then
> examined with the usual tools, without any HAL automounting and clever
> script to automagically run any .autorun files present through WINE, no
> infection would result would it?

Why would one ever run automount and WINE anyway?


Maxwell Lol

Jan 20, 2010, 9:47:45 AM
J G Miller <mil...@yoyo.ORG> writes:

> For example, they have a USB stick with software on it which is Windoze
> only and they want it to run automagically every time they plug in the
> USB stick.


That's like walking around in a men's prison with one's pants down....

I've played with various U3 hacking toolkits. I have disabled any sort
of automatic action when examining USB drives. Or so I thought.

Just last night I plugged in a USB drive on my Windows XP box.

Next thing I know it said it had installed a driver and I have to reboot my
laptop! Grrr. And it wasn't even a U3 USB drive.


Stan Bischof

Jan 20, 2010, 12:17:54 PM

If you are running as admin in Windows _and_ have autorun
up and running, you get exactly what you deserve!

Stan

Maxwell Lol

Jan 20, 2010, 4:42:11 PM
Stan Bischof <st...@newserve.worldbadminton.com> writes:

>
> If you are running as admin in Windows _and_ have autorun
> up and running, you get exactly what you deserve!
>
> Stan

This is what I had in my registry.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff

And still a driver was installed.


David W. Hodgins

Jan 20, 2010, 7:08:14 PM
On Wed, 20 Jan 2010 16:42:11 -0500, Maxwell Lol <nos...@com.invalid> wrote:

> And still a driver was installed.

OT for linux, but see ...
http://www.us-cert.gov/cas/techalerts/TA09-020A.html

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
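
An added example, not part of any post in this thread: a small Python audit of a `.reg` export that decodes each `NoDriveTypeAutoRun` mask quoted above and also checks for the `Autorun.inf` IniFileMapping value that US-CERT alert TA09-020A gives as its workaround. The function names and report layout are assumptions made for this illustration; the IniFileMapping key comes from the alert, not from the posts.

```python
import re

# A set bit in NoDriveTypeAutoRun disables AutoRun for that drive type.
DRIVE_BITS = {0x01: "unknown", 0x02: "no_root_dir", 0x04: "removable",
              0x08: "fixed", 0x10: "network", 0x20: "cdrom",
              0x40: "ramdisk", 0x80: "reserved"}
POLICY_SUFFIX = r"\software\microsoft\windows\currentversion\policies\explorer"
# Workaround key described in US-CERT TA09-020A (lower-cased for lookup).
INF_KEY = (r"hkey_local_machine\software\microsoft\windows nt"
           r"\currentversion\inifilemapping\autorun.inf")

# The registry export quoted in the thread.
SAMPLE = r'''
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
'''

def parse_reg(text):
    """Parse .reg text into {lower-cased key path: {value name: raw data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'^(@|"[^"]*")=(.*)$', line)
        if m and current is not None:
            current[m.group(1).strip('"')] = m.group(2)
    return keys

def audit(text):
    """Report drive types left AutoRun-enabled per hive, plus the INF mapping."""
    keys = parse_reg(text)
    allowed = {}
    for path, values in keys.items():
        raw = values.get("NoDriveTypeAutoRun", "")
        if path.endswith(POLICY_SUFFIX) and raw.startswith("dword:"):
            mask = int(raw[6:], 16)
            allowed[path] = [n for b, n in DRIVE_BITS.items() if not mask & b]
    inf_default = keys.get(INF_KEY, {}).get("@")
    return {"autorun_allowed": allowed,
            "inf_mapping_blocked": inf_default == '"@SYS:DoesNotExist"'}
```

Run on the export from the thread, every hive reports an empty list (0xff sets all eight bits) while `inf_mapping_blocked` is false, meaning the alert's workaround value is absent from that export.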

Maxwell Lol

Jan 23, 2010, 8:20:28 AM
"David W. Hodgins" <dwho...@nomail.afraid.org> writes:

> On Wed, 20 Jan 2010 16:42:11 -0500, Maxwell Lol <nos...@com.invalid> wrote:
>
>> And still a driver was installed.
>
> OT for linux, but see ...
> http://www.us-cert.gov/cas/techalerts/TA09-020A.html

Thanks. I'm not a Windows IT guy. I appreciate this.
