

Introducing the USB Stick of Death - dietcokerules
http://j00ru.vexillium.org/?p=1272

======
pilif
I really don't agree with the severity rating. Instant admin-access by just
plugging in a USB stick is exactly what malware like the ever-loved Stuxnet
use(d) as a jump-start to get their other exploits and backdoors going.

It's like the various autorun exploits, but better because you don't need an
additional privilege escalation vulnerability _and_ you get to execute your
attack even if autorun is turned off completely.

~~~
mistercow
Yeah, the severity rating seems rather oblivious to simple social engineering.
Leave a USB stick on a desk with a sticky note attached to it saying "Urgent,
please review", and guess what is going to happen to that USB stick.

Being able to compromise a system via a mundane and apparently benign action
is never low-severity.

------
GFischer
As a security vulnerability, it's interesting but, as they stated,
low-severity.

If you have physical access and a local user, it's much easier to use any
Linux boot CD and one of the myriad "password recovery" systems.

I used Petter N Hagen's <http://pogostick.net/~pnh/ntpasswd/> back in my tech
support days (several years ago).

The current tech support guy swears by Hiren's BootCD
<http://www.hiren.info/pages/bootcd>

~~~
barrkel
Most systems that are physically available with local users (e.g. libraries,
college computer labs, etc.) will have booting from anything other than the
hard drive disabled, and the BIOS password protected. You'd need to open up
the machine and reset the CMOS to use this approach.

------
wvs
Coming from a *nix background, it seems odd to me that a kernel null
dereference would be exploitable from userland. Or that kernel functions be
directly addressable from userland.

Is kernel memory mapped into user processes on Windows?

------
bashzor
I've had a USB stick of death for years now. Any system you plug it in
instantly freezes. No idea how I made it, but it was certainly not the goal!
And whatever I do, I can't get it to overwrite whatever data is on there :P

~~~
chuppo
Post a stacktrace? You can take a photo for us of the kernel panic.

~~~
bashzor
It doesn't crash (no kernel panic), just makes the system so slow that you
can't use it anymore until you pull the stick out.

~~~
k_bx
If you dd the same data onto another USB drive -- will it stay the same? If
yes -- you could post it somewhere and try to get more details etc.

------
Evbn
Was hoping for something like <http://etherkiller.org/>

