'Re: [Web4lib] hacking Time Management system thru USB'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       web4lib
Subject:    Re: [Web4lib] hacking Time Management system thru USB
From:       Brian Stubbs <bstubbs () rci ! rutgers ! edu>
Date:       2008-05-29 19:44:49
Message-ID: 483F07B1.6020305 () rci ! rutgers ! edu
[Download RAW message or body]

"Trust-No-Exe" may be along the lines of what you're looking for.  It 
uses a trusted list and an explicit-deny list to filter what programs 
can be run on computers, and has network-install capabilities for easier 
deployment.  You may still have trouble with your hackers if they figure 
out that the list is based on filenames however; they may simply change 
the name of their undesirable .exe in order to slip past the filters.
http://www.beyondlogic.org/solutions/trust-no-exe/trust-no-exe.htm

Brian Stubbs
RUL Access Services

Simmons, Chris wrote:
> Hi, we've had a couple security breaks from users using Flash Drives. We suspect it \
> may be a result of using Auto Start to run programs from behind the shell. We tried \
> replicating with a U3 drive but couldn't, maybe we don't have the devious mind of a \
> hacker ): Has anybody had any experience with this? We're hoping to disable certain \
> .exe files as locking down USB access (as our IT security may suggest) would be \
> overkill and not at all feasible with our public needs.  Thanks! 
> Chris Simmons 
> Desktop Librarian 
> Ottawa Public Library 
> 
> 
> 
> This e-mail originates from the City of Ottawa e-mail system. Any 
> distribution, use or copying of this e-mail or the information it 
> contains by other than the intended recipient(s) is unauthorized. 
> If you are not the intended recipient, please notify me at the 
> telephone number shown above or by return e-mail and delete 
> this communication and any copy immediately. Thank you.
> 
> Le présent courriel a été expédié par le système de courriels de 
> la Ville d'Ottawa. Toute distribution, utilisation ou 
> reproduction du courriel ou des renseignements qui s'y trouvent 
> par une personne autre que son destinataire prévu est interdite. 
> Si vous avez reçu le message par erreur, veuillez m'en aviser par 
> téléphone (au numéro précité) ou par courriel, puis supprimer 
> sans délai la version originale de la communication ainsi que 
> toutes ses copies. Je vous remercie de votre collaboration.
> _______________________________________________
> Web4lib mailing list
> Web4lib@webjunction.org
> http://lists.webjunction.org/web4lib/
> 
> 


_______________________________________________
Web4lib mailing list
Web4lib@webjunction.org
http://lists.webjunction.org/web4lib/


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic