Do: use flash drives. Don't: use the ones you find on the street
By Ryan Block 
posted June 10th 2006 4:08AM
posted June 10th 2006 4:08AM
You read Engadget, so you're probably smarter than the next guy when it comes to tech -- unless you're reading Engadget in a room full of nerds or something. So it probably goes without saying that if you picked up a USB flash drive off the street, you wouldn't risk compromising your machine, network, or employer's network by just plugging it in willy nilly, would you? Well, if only the rest of the world were as smart as you, friend; according to a recent Secure Network Technologies Inc. audit of a client credit union, 100% of the trojan-laden, password-collecting, network-compromising USB flash drives they planted outside the client's building were unwittingly plugged in, used, and infected their respective host machines. Should you go sounding alarms throughout your own company about the dangers of thumb drives? No, of course not, but it's probably safe to say end-user security begins with clamped down operating systems and aware, diligent employees -- so what else is new?[Thanks to everyone who sent this in]
the only reason macs dont get that many viruses is that only 5% of people use em. If more people used macs, that of course there would be more viruses for them.
And macs suck, they are all glued together, and they sell mice for 50$
"Wow it has 2 buttons!"
freakon, it's actually only 3.8% marketshare in the US, and 2.0% worldwide.
So, at 2% those Romanian virus writers who want a platform for DoS bots figure it's just not worth wasting their time.
You may know someone with a Mac, but most of the world does not.
"The trouble is, that USB devices are able to use DMA (Direct Memory Access) and circumvent the OS. Though I'm not quite sure how this can be exploited when using "normal" memory-only devices, it is already being exploited with devices like the iPod."
So is it possible for an iPod or possibly a flash drive with modified hardware to not only read memory on the PC but to run executable code on it? The article stated that the users were duped to run the trojan by mixing it with a bunch of image files, so I would imagine that a saavy user should not be wary of plugging in a mystery flash drive.
I would probably just run a live-CD of Auditor or something to see what was on it. If all was well I'd format it, if not, I'd bin it. (I have more live cd's than I can poke a stick at)
flash drivers are very expensive nowdays i think
Stop using car analogies! It doesn’t work! Look, the perceived Mercedes Benz quality is false, they’ve stopped putting so much R&D into making the most solidly built and engineered cars in the world.
But back to my point, don’t use cars as analogies! Anyone with the slightest hint of interest in the automotive industry can pick your argument to pieces.
Some executive share some confidential information. For "security reasons" (bad image of the company) they invented a plausible history about some usb-pendrive-with-virus.
Now, a virus how can determine and send confidential data through a protective firewall?. The virus can connect to any database, determine the password and send it?.