[prev in list] [next in list] [prev in thread] [next in thread]
List: web4lib
Subject: Re: [Web4lib] hacking Time Management system thru USB
From: Brian Stubbs <bstubbs () rci ! rutgers ! edu>
Date: 2008-05-29 19:44:49
Message-ID: 483F07B1.6020305 () rci ! rutgers ! edu
[Download RAW message or body]
"Trust-No-Exe" may be along the lines of what you're looking for. It
uses a trusted list and an explicit-deny list to filter what programs
can be run on computers, and has network-install capabilities for easier
deployment. You may still have trouble with your hackers if they figure
out that the list is based on filenames however; they may simply change
the name of their undesirable .exe in order to slip past the filters.
http://www.beyondlogic.org/solutions/trust-no-exe/trust-no-exe.htm
Brian Stubbs
RUL Access Services
Simmons, Chris wrote:
> Hi, we've had a couple security breaks from users using Flash Drives. We suspect it \
> may be a result of using Auto Start to run programs from behind the shell. We tried \
> replicating with a U3 drive but couldn't, maybe we don't have the devious mind of a \
> hacker ): Has anybody had any experience with this? We're hoping to disable certain \
> .exe files as locking down USB access (as our IT security may suggest) would be \
> overkill and not at all feasible with our public needs. Thanks!
> Chris Simmons
> Desktop Librarian
> Ottawa Public Library
>
>
>
> This e-mail originates from the City of Ottawa e-mail system. Any
> distribution, use or copying of this e-mail or the information it
> contains by other than the intended recipient(s) is unauthorized.
> If you are not the intended recipient, please notify me at the
> telephone number shown above or by return e-mail and delete
> this communication and any copy immediately. Thank you.
>
> Le présent courriel a été expédié par le système de courriels de
> la Ville d'Ottawa. Toute distribution, utilisation ou
> reproduction du courriel ou des renseignements qui s'y trouvent
> par une personne autre que son destinataire prévu est interdite.
> Si vous avez reçu le message par erreur, veuillez m'en aviser par
> téléphone (au numéro précité) ou par courriel, puis supprimer
> sans délai la version originale de la communication ainsi que
> toutes ses copies. Je vous remercie de votre collaboration.
> _______________________________________________
> Web4lib mailing list
> Web4lib@webjunction.org
> http://lists.webjunction.org/web4lib/
>
>
_______________________________________________
Web4lib mailing list
Web4lib@webjunction.org
http://lists.webjunction.org/web4lib/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic