We used a netbook with a fresh Windows XP on it and nothing of value and destroyed the disk afterwards.
It had on it some inane chart mp3s, a low quality DVD rip, a text file with 1337speak in it and what looked like a Ubuntu ISO. I doubt anyone else had actually plugged anything into it and these were probably the originator's files.
I can see the attraction and purpose of it, but the idealisms probably won't ever be realised with human nature as it stands. Someone will trash or break it and someone else will upload something nasty to it.
As for security, all these probably carry the Internet clap so don't go sticking them in anything of value (sounds like a certain human problem as well).
I wonder how low-cost could one go with a custom made USB device that just copies everything to itself after connecting. Effects of scale unfortunately don't apply, as it would have about 10 customers worldwide :)
or really dangerously illegal content.
or use some "smart" device (instead of a "dumb" storage device) to harvest data from connected machines.
Teensy etc. Hell even the nubs at Hak5 and even Steven Gibson (lol) probably have covered this.
The advantage they have is a female plug, you can't physically break it like standard usb key (most of these keys are broken after a year).
But they're disappearing too, people tend to paint walls :)
Curiously enough, in a LAN party the IP addresses are much less critical than on the internet. If we assume that there were MAFIAA infiltrators listening on your local torrent swarms then nobody really knows whose computer is behind, say, 192.168.0.67: a dhcp server will distribute ips pretty randomly to different participants without querying who they are. Of course, some computers connected to the same router will see the corresponding MACs but following those would require the infiltrator to know which port of the router can be used to find a certain MAC and you don't really see that unless you have access to the router console.
Conversely, ISPs generally keep track of who's using which IP at a given moment eventhough the internet is global and one might think that any IP address will just disappear in the sea of endless numbers.
Any malware, skeezy content, etc. can be avoided by simply not opening files and having your computer not autorun usb drives.
But the real issue (at least the one that always comes to my mind) is if, say, the "USB device" was just a male connector connected directly to wall power. This would at least fry your computer's USB, possibly more.
It would also be trivial to set up a simple circuit inside a USB drive casing to step up voltage and potentially fry your computer's ports.
Now you can get your child pron without scratching your laptop :)
I see a handful of people alluding to risks (viz. "USB Condom") but I don't understand precisely what the issue is.
On Windows, presumably there's autorun.inf which can launch any executable on the USB drive. Is that correct? What about if you plug in from Unix or MacOS?
Bonus question: What are the risk factors, both for you and the host, if you charge your smart-phone in a stranger's laptop through USB?
The risk of hostile software should be relatively easy to deal with (even on ancient versions of Windows).
Just as dealers hit street corners and people still buy off them knowing the risk, secret USB ports (not all over Hacker News or advertised on a web page) could pass software to a group of people who have a high barrier for membership insofar as they trust the other members of the group.
But then, isn't this just what people used to do before the internet? Now it's "anonymous, offline, p2p file sharing"!