How's this for a possible scenario?
- A Ford employee walks away from a workstation without locking it first.
- A watchful contractor/employee/visitor/whoever walks up to the system with
a prepared, custom-burned CD in hand.
- S/he pops the CD in, and an autorun program loads and immediately ejects
the CD.
- The perpetrator takes the CD, closes the tray, and walks away within 10
seconds of approaching the workstation.
- The program that was just loaded goes to work in the background.
- The original employee returns with a fresh cup of coffee and resumes
working, unaware that anything has happened.
- Later, at home/cafe/wherever, this person connects to the zombified system
(which has opened a path to itself through the firewall) and gets busy.
Sound farfetched? No. Any programmer with the proper motivation (13,000
credit reports are very motivating), a few bits of publicly-available
developer knowledge, a simple development system, and a cheap CD-R drive
could do just that. All firewalls have the same basic weaknesses that can
be taken advantage of, as long as the activity initiates from inside. The
most secure Internet connection is no Internet connection at all.
This is all just informed speculation, but an office is only as secure as
the weakest habits of its employees. ["Greg Searle" via risks-digest Volume 22, Issue 10]
16:41
#
G!
