[Web4lib] hacking Time Management system thru USB

Brian Stubbs bstubbs at rci.rutgers.edu
Thu May 29 15:44:49 EDT 2008 

"Trust-No-Exe" may be along the lines of what you're looking for.  It 
uses a trusted list and an explicit-deny list to filter what programs 
can be run on computers, and has network-install capabilities for easier 
deployment.  You may still have trouble with your hackers if they figure 
out that the list is based on filenames however; they may simply change 
the name of their undesirable .exe in order to slip past the filters.
http://www.beyondlogic.org/solutions/trust-no-exe/trust-no-exe.htm

Brian Stubbs
RUL Access Services

Simmons, Chris wrote:
> Hi, we've had a couple security breaks from users using Flash Drives. We suspect it may be a result of using Auto Start to run programs from behind the shell. We tried replicating with a U3 drive but couldn't, maybe we don't have the devious mind of a hacker ): Has anybody had any experience with this? We're hoping to disable certain .exe files as locking down USB access (as our IT security may suggest) would be overkill and not at all feasible with our public needs. 
> Thanks! 
> Chris Simmons 
> Desktop Librarian 
> Ottawa Public Library 
>
>
>
> This e-mail originates from the City of Ottawa e-mail system. Any 
> distribution, use or copying of this e-mail or the information it 
> contains by other than the intended recipient(s) is unauthorized. 
> If you are not the intended recipient, please notify me at the 
> telephone number shown above or by return e-mail and delete 
> this communication and any copy immediately. Thank you.
>
> Le présent courriel a été expédié par le système de courriels de 
> la Ville d'Ottawa. Toute distribution, utilisation ou 
> reproduction du courriel ou des renseignements qui s'y trouvent 
> par une personne autre que son destinataire prévu est interdite. 
> Si vous avez reçu le message par erreur, veuillez m'en aviser par 
> téléphone (au numéro précité) ou par courriel, puis supprimer 
> sans délai la version originale de la communication ainsi que 
> toutes ses copies. Je vous remercie de votre collaboration.
> _______________________________________________
> Web4lib mailing list
> Web4lib at webjunction.org
> http://lists.webjunction.org/web4lib/
>
>

More information about the Web4lib mailing list