The Power Of The Internet – small

While I’m talking about the power of the Internet, it is also worth mentioning that, while you can attack a whole country, it is also very easy to pick up some tools on the web to test your own company’s security. One of my favourites for showing how easily employees can inadvertently give away information is the USB Switchblade / HackSaw. So, here’s the plot: buy a few USB memory sticks, load up Switchblade (it does need a little configuration) and then leave them around the organization, for example in the cafeteria or on the reception desk. When you have done this, just sit back and wait for the results. In this case the results will come when someone picks up a USB key and plugs it into their system – the software then collects and reports back password hashes, LSA secrets and IP information. The whole process takes about 20 seconds. We can’t ignore the fact that these tools exist, because they do, and you can’t keep a secret for long, at least not when the Internet is involved.

What now? Well, time to educate folks that picking up USB sticks (and CD-ROMs) from untrusted sources can be ‘dangerous’. And while you should update the relevant policies, you can’t rely on them to stop people from doing silly things, so this might be the time to put a solution in place to prevent unauthorized USB devices from stealing your data.
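As a starting point for that kind of control, here is an added example (not part of the original post) that audits the USB storage devices a Windows machine has seen against a list of approved serial numbers. It assumes the device instance IDs have already been exported from `HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR`; the sample IDs, the approved serial and the function names are constructed for illustration.

```python
import re

# Device instance ID layout under Enum\USBSTOR:
#   USBSTOR\<Type>&Ven_<vendor>&Prod_<product>&Rev_<rev>\<serial>&<n>
ID_RE = re.compile(
    r"^USBSTOR\\(?P<type>[^&\\]+)&Ven_(?P<vendor>[^&\\]*)"
    r"&Prod_(?P<product>[^&\\]*)&Rev_(?P<rev>[^\\]*)"
    r"\\(?P<instance>.+)$",
    re.IGNORECASE,
)

# Constructed sample data (not taken from a real machine).
SAMPLE_IDS = [
    r"USBSTOR\Disk&Ven_Kingston&Prod_DataTraveler_2.0&Rev_PMAP\001372AAAA0001&0",
    r"USBSTOR\Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07\002244BBBB0002&0",
    r"USBSTOR\Disk&Ven_&Prod_USB_DISK&Rev_1.00\6&1a2b3c4d&0",
]
APPROVED_SERIALS = ["001372AAAA0001"]  # hypothetical company-issued stick


def parse_usbstor_id(instance_id):
    """Split a USBSTOR instance ID into its fields, or return None."""
    m = ID_RE.match(instance_id.strip())
    if not m:
        return None
    dev = m.groupdict()
    inst = dev.pop("instance")
    # When the second character is '&', the device reported no serial
    # number and Windows generated the ID, so it cannot be allowlisted.
    dev["has_serial"] = not (len(inst) > 1 and inst[1] == "&")
    dev["serial"] = inst.rsplit("&", 1)[0] if dev["has_serial"] else None
    return dev


def audit(instance_ids, approved_serials):
    """Return (instance_id, reason) for every device that is not approved."""
    approved = {s.upper() for s in approved_serials}
    findings = []
    for raw in instance_ids:
        dev = parse_usbstor_id(raw)
        if dev is None:
            findings.append((raw, "unparsed"))
        elif not dev["has_serial"]:
            findings.append((raw, "no-serial"))
        elif dev["serial"].upper() not in approved:
            findings.append((raw, "unapproved"))
    return findings


if __name__ == "__main__":
    for device, reason in audit(SAMPLE_IDS, APPROVED_SERIALS):
        print(f"{reason:10} {device}")
```

An audit like this only tells you what has already been plugged in; it complements, rather than replaces, a control that blocks unapproved devices.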
