Room362.com

Blatherings of a security addict.

The Root of All Evil-(grade)


So there I was…

Today I was sitting at home watching Irongeek’s post of John Strand’s talk Defense In Depth is Dead, Long Live Defense In Depth. And I had one really evil thought:

Someone (such as Bob) could sit at an airport. We all do this; it isn’t difficult. He could then turn on his laptop and connect it to the airport wireless. Another task, difficult for some, but let’s go with Bob being able to. Bob then pulls out a Fon with Jasager on it. He then connects it to his newly started laptop running evilgrade. Bob’s setup for evilgrade installs and runs the USB Hacksaw payload. Now, every computer that is duped into connecting through Jasager automatically installs a payload that will copy and send all data from any inserted USB stick to… This post is already evil enough, so I will leave it up to you to figure it out. That is also why I haven’t included any in-post links.

For the cost of an airline ticket, Bob has possibly infected and/or circumvented your whole defense in depth strategy.

In closing. Don’t be like Bob. Bob is in jail.
