Exploiting Autorun: Threats, Vulnerabilities and Countermeasures of the Autorun Functionality Associated with Portable Data Storage Devices by Kevin M
Exploiting AutoRun: Threats, Vulnerabilities and Countermeasures of the AutoRun Functionality Associated with Portable Data Storage Devices by Kevin M. Williams, CISSP Abstract - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - On the battlefield of Information Security, amidst hackers, crackers, phreakers, and phrackers, cyber warriors, organized crime, script kiddies, and hacktivists, the last thing information security professionals would imagine having to worry about would be portable data storage devices. Nevertheless, a growing threat has emerged, stealing data and spreading malware by exploiting the seemingly benign nature of the AutoRun functionality associated with portable data storage devices. In this study, we examine the vulnerabilities present in AutoRun functionality, the threats that target these vulnerabilities, and the countermeasures to stop them. While the results show that vulnerabilities do exist, and the threats are real, there are many effective countermeasures available to the information security professional. Most notably, security awareness training programs that educate and empower users can be the most effective weapon in the information security professional’s arsenal. © 2008 Kevin M. Williams. All Rights Reserved. Table of Contents - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Abstract .................................................................................................................................................
[Show full text]