[LINK] US DoD to allow thumb drives again
Crispin Harris
crispin.harris at gmail.com
Sun Feb 21 11:58:34 AEDT 2010
On Sun, Feb 21, 2010 at 8:13 AM, Kim Holburn <kim at holburn.net> wrote:
> On 2010/Feb/21, at 10:46 AM, Fred Pilcher wrote:
> > stephen at melbpc.org.au wrote:
> >> But in November 2008, thumb drives infected by viruses infected and
> >> disrupted military networks, prompting the ban.
> >
> > Facepalm.
> >
> > The US Military is using Windows?
>
Yes - for a number of reasons, but primarily cost & capability - running
custom OS's is prohibitively expensive, and frequently riddled with bugs.
What they forgot to do, however, was thorough risk assessment of new
capabilities and product.
And by thorough I mean "with paranoid interrogation of the specification of
the connectivity system's capabilities".
> Yeah and they had "Autoplay" turned on. Actually it's quite hard to
> turn it off in Windows. The default should have been, should be,
> autoplay off for removable media. It should have been part of their
> domain policies.
>
It's really, really hard to ensure that all methods of auto-play are turned
off for USB devices. Unfortunately stock-standard Windows XP/Windows Vista
does not have the API enabled/visible to allow the proper control of USB
devices.
When a USB device is plugged into a system, it gets to advertise (at the
hardware layer) the type and number of devices it contains.
This can include (but is not limited to)
- Human Interface Device (pen, mouse, keyboard, screen, trackpad, scanner
etc)
- Character input/output device (Modem, network, IR, Bluetooth, other USB
etc...)
- Block input/output device (Hard drive, CD/DVD Rom, Tape etc...)
Basically, if Windows can put it in the device-tree, a USB device can ask to
be put there. And in many cases, Windows will even ask the device for a
device-driver definition (which Windows will then happily load/execute for
you!).
By default, Windows XP/Vista does not have device-type access control for
USB.
(i.e. you can't say "Allow USB keyboard/mouse but not Mass-storage" without
substantial additional (non-standard & non-supported) code.)
> Scary though. I seem to remember some of their battleships run
> Windows. Gives the name "Blue Screen of Death" a whole new meaning.
>
lol.
--
Crispin Harris
crispin.harris at gmail.com
"A great deal of Security is unfortunately just like the underwear of
Britney Spears.
If it's even there at all, it is needlessly complex and frilly; looks good
without actually covering much; and is far too easy to get around or remove
completely."
- David Boston
Marriage (n): a natural institution whereby a man and a woman give
themselves to each other for life in an exclusive sexual relationship that
is open to procreation.
-Definition compliments of Cardinal George Pell, Catholic Archdiocese of
Sydney
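Added example, not part of the original message: the device-type access control the message says stock Windows XP/Vista lacks ("Allow USB keyboard/mouse but not Mass-storage") comes down to reading the interface classes a device advertises in its configuration descriptor and comparing them with an allow-list. The descriptor bytes below are constructed for illustration, and the function names `interfaces` and `blocked_interfaces` are hypothetical.

```python
# Added illustration: walk a USB configuration descriptor and apply a
# device-class allow-list. SAMPLE_CONFIG is constructed for this example.
import struct

DT_CONFIG, DT_INTERFACE = 0x02, 0x04          # standard descriptor types
CLASS_NAMES = {0x02: "communications (CDC)", 0x03: "HID",
               0x08: "mass storage", 0x09: "hub", 0x0A: "CDC data"}

# One physical device advertising two functions: storage and a keyboard.
SAMPLE_CONFIG = bytes.fromhex(
    "09 02 39 00 02 01 00 80 32"   # configuration: 57 bytes total, 2 interfaces
    "09 04 00 00 02 08 06 50 00"   # interface 0: mass storage, SCSI, bulk-only
    "07 05 81 02 00 02 00"         # endpoint: bulk IN
    "07 05 02 02 00 02 00"         # endpoint: bulk OUT
    "09 04 01 00 01 03 01 01 00"   # interface 1: HID, boot subclass, keyboard
    "09 21 11 01 00 01 22 3f 00"   # HID class descriptor
    "07 05 83 03 08 00 0a"         # endpoint: interrupt IN
)

def interfaces(config: bytes):
    """Return (number, class, subclass, protocol) for each interface descriptor."""
    if len(config) < 9 or config[1] != DT_CONFIG:
        raise ValueError("not a configuration descriptor")
    total = struct.unpack_from("<H", config, 2)[0]   # wTotalLength
    if total > len(config):
        raise ValueError("wTotalLength exceeds captured data")
    found, pos = [], 0
    while pos + 2 <= total:
        length, dtype = config[pos], config[pos + 1]
        if length < 2 or pos + length > total:       # reject malformed chains
            raise ValueError(f"malformed descriptor at offset {pos}")
        if dtype == DT_INTERFACE and length >= 9:
            num, _alt, _eps, cls, sub, proto = struct.unpack_from("6B", config, pos + 2)
            found.append((num, cls, sub, proto))
        pos += length
    return found

def blocked_interfaces(config: bytes, allowed_classes):
    """List (interface number, class name) for every class outside the allow-list."""
    return [(num, CLASS_NAMES.get(cls, f"class 0x{cls:02x}"))
            for num, cls, _sub, _proto in interfaces(config)
            if cls not in allowed_classes]

if __name__ == "__main__":
    # Policy: allow HID only, as in "keyboard/mouse but not mass storage".
    for num, name in blocked_interfaces(SAMPLE_CONFIG, {0x03}):
        print(f"interface {num}: {name} not permitted by policy")
```

The allow-list has to be applied per interface rather than per device, because a single plug can present several functions at once.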