
Re: removing autorun from a flash drive



Bruno Wolff III wrote:
> On Tue, Mar 10, 2009 at 22:55:05 -0500,
>   Bruno Wolff III <bruno wolff to> wrote:
>> On Tue, Mar 10, 2009 at 17:47:04 -0400,
>>   Todd Denniston <Todd Denniston ssa crane navy mil> wrote:
>>> Bruno Wolff III wrote, On 03/10/2009 05:34 PM:
>>>> Repartitioning the raw device would probably work. You would then create
>>>> a filesystem on the partition.
>>>
>>> No, if you repartition the device, you wipe out the ability for the U3 removal tool to work, but the fake CD remains IIRC.
>> Maybe I am missing something. If you write over the blocks with the U3
>> tool, how does it not get erased?
>>
>> Is this tool located somewhere other than the normal blocks on the device?
>
> I found some info, though it doesn't look like the full details are
> publicly known.
>
> The device shows itself as two devices and indicates different types for
> each so that one looks like mass storage and the other a cd drive.
> It is suspected that nonstandard scsi commands are required to write
> to the cd device. Some people have tricked one of the available tools into
> loading custom isos into the cd portion of the device.
> So it looks like you do need a special tool if you want to have the space
> initially reserved for the cd image released for use in the normal part.
> Probably there is some secret scsi command to do this that wouldn't be
> too hard to find if someone were serious about figuring it out.
> Why anyone would want one of these devices is beyond me. It's a security
> nightmare for both the computer being used (due to autorun being enabled)
> and the usb device owner (due to not just running code from the device).
> If you own both, there is no reason to have that feature.


I agree with this.

When I had the software removed from one device, the person that was doing it for me had to disconnect most USB devices from his computer. It also wouldn't work with the USB port on his monitor.

I did some searching at the time and found that there are keylogger tools that will auto install like a trojan onto the U3 partition. Big security risk.

Also, my daughter had her stick with U3 on it for school. The Mac computers would constantly corrupt the data because of the dual partitions when unmounting.

Before I asked someone with Windows to remove the U3 code, I tried everything I could find to test this. Even after this, I still needed a Windows box to remove the code.

On the download page for the tool, there was a comment box that I voiced my opinion on.


--
Robin Laing

