
Did you check your conference goodies?, (Fri, Apr 24th)


This year I went to RSA to have lunch with some friends.

It was nice to get together with some other SANS ISC friends too, such as Johannes, Marc and Lenny.

Good to see them again. Also while visiting the expo, something occurred to me. Some booths were giving away pen-drives with promotional material. It is easy to imagine that the booth was always crowded.

So, to get your pen drive you just drop off your business card, pick a pen drive from the several on the table and walk away… cool…

I don't like people scanning my badge or using my business card to send me offers later, so beforehand I went to some other booths, collected a bunch of business cards from salespeople (they love to give them away… :) ) and went to the ‘pen-drive booth’ to get mine… :)

If I had malicious intent, I would go to some other place, plug in my new pen drive, load autorun-style malware onto it, or fill it with malicious PDFs, and return it to the crowded booth table full of pen drives… And I would be able to do it several times…

An average user would take it, plug it into his computer, happily install it and be p0wned.

So, did you test your goodies in a safe environment, preferably on a machine that does not autorun, like a Mac or Linux? Also, did you use your AV to scan those PDFs for exploits? 🙂

Be safe, be paranoid:)
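
One way to run the check the diary asks about, as an added example that is not part of the original post: a triage pass over a giveaway drive mounted on an isolated machine, reading bytes only and never opening a file in a viewer. The function names, the marker and extension lists, and the sample files are assumptions constructed for this example.

```python
import os
import re
import tempfile

# Heuristic markers: PDF names that trigger actions or carry embedded content.
PDF_MARKERS = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch", b"/EmbeddedFile"]
# autorun.inf keys that tell Windows to run something from the drive.
AUTORUN_KEYS = re.compile(r"^\s*(open|shellexecute|shell\\[^=]+\\command)\s*=\s*(.+)$", re.I | re.M)
EXEC_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".lnk", ".vbs", ".js", ".pif"}

def triage(root):
    """Walk a mounted volume, reading bytes only; return sorted (path, reason) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            ext = os.path.splitext(name)[1].lower()
            if name.lower() == "autorun.inf":
                with open(path, "r", errors="replace") as fh:
                    for key, target in AUTORUN_KEYS.findall(fh.read()):
                        findings.append((rel, f"autorun {key.lower()}={target.strip()}"))
            elif ext in EXEC_EXT:
                findings.append((rel, "executable or script file"))
            elif ext == ".pdf":
                with open(path, "rb") as fh:
                    data = fh.read()
                hits = [m.decode() for m in PDF_MARKERS if re.search(re.escape(m) + rb"(?![A-Za-z])", data)]
                if hits:
                    findings.append((rel, "PDF active content: " + ", ".join(hits)))
    return sorted(findings)

def build_sample(root):
    """Constructed sample drive contents (inert placeholder bytes, not real files)."""
    samples = {
        "autorun.inf": b"[autorun]\r\nopen=setup.exe\r\nicon=logo.ico\r\n",
        "setup.exe": b"MZ placeholder",
        "brochure.pdf": b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n",
        "pricing.pdf": b"%PDF-1.4\n1 0 obj << /OpenAction 3 0 R >> endobj\n3 0 obj << /S /JavaScript /JS (placeholder) >> endobj\n",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:  # stands in for the mount point
        build_sample(drive)
        for rel, reason in triage(drive):
            print(f"{rel}: {reason}")
```

The byte search misses markers hidden inside compressed object streams or written with hex-escaped names, so an empty result narrows what to look at first and does not replace the AV scan.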
