Candy From Strangers
Regrettably this is definitely something people need to keep in mind. Found a USB key? Consider checking it in a secure machine, ideally using something rock solid & taint-proof like Knoppix. Checking it on a machine with admin privileges could be a recipe for disaster. (In fact, it is possible to put autorun.inf files on USB keys with WinXP, AFAIK.)
Candy From Strangers: "Source: F-Secure Weblog
Hypothetical One: There's a wallet lying on the ground outside of your office building. It almost certainly contains confidential information. Would you pick it up, open it, determine to whom it belongs, and take steps to return it to them? Many/most people would probably try to be helpful in such a situation.
Hypothetical Two: There's an open box of chocolates lying on the ground outside of your office building. It appears to contain delicious treats. Do you put a piece in your mouth and taste? Most people would probably either ignore the box or put it in a nearby trashcan.
So why did people pick up a USB stick and then insert it into their computer during a security audit as was written about here? Perhaps because USB sticks are so cool…
Or perhaps training often only includes what not to do (a list too long to ever be complete) rather than how to think about the computers within a secure environment. To the non-security minded (regular people), inserting a USB stick is more likely akin to opening a wallet and examining the contents. There " ...
0 Comments:
Post a Comment
Links to this post:
Create a Link
<< Home