Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Open Source

Submission + - USB Autorun Attacks Against Linux (net-security.org) 1

Orome1 writes: Many people think that Linux is immune to the type of Autorun attacks that have plagued Windows systems with malware over the years. However, there have been many advances in the usability of Linux as a desktop OS — including the addition of features that can allow Autorun attacks. This Shmoocon presentation by Jon Larimer from IBM X-Force starts off with a definition of autorun vulnerabilities and some examples from Windows, then jumps straight into the Linux side of things. Larimer explains how attackers can abuse these features to gain access to a live system by using a USB flash drive. He also shows how USB as an exploitation platform can allow for easy bypass of protection mechanisms like ASLR and how these attacks can provide a level of access that other physical attack methods do not.
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

USB Autorun Attacks Against Linux

Comments Filter:
  • I really like many of the changes that have been made to linux over the years. We're risking security vs. intuitive-ness. In most cases, the person who is able to put a USB key into your system should be someone you trust NOT to do such things. I understand that with public computing such as labs, libraries, etc. this issue becomes trickier but it is my hope that people don't take USB access away out of panic/fear of what could happen.