YouTube home Comedy Week on YouTube
Upload

ShmooCon 2011: USB Autorun attacks against Linux

Christiaan008 Christiaan008·7,067 videos
16,745
32,162
Like     Dislike 4

Sign in to YouTube

Sign in with your Google Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to like Christiaan008's video.

Sign in to YouTube

Sign in with your Google Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to dislike Christiaan008's video.

Sign in to YouTube

Sign in with your Google Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to add Christiaan008's video to your playlist.

Uploaded on Feb 3, 2011

Speaker: Jon Larimer

Many people think that Linux is immune to the type of Autorun attacks that have plagued Windows systems with malware over the years. However, there have been many advances in the usability of Linux as a desktop OS - including the addition of features that can allow Autorun attacks. In this presentation, I'll explain how attackers can abuse these features to gain access to a live system by using a USB flash drive. I'll also show how USB as an exploitation platform can allow for easy bypass of protection mechanisms like ASLR and how these attacks can provide a level of access that other physical attack methods do not. The talk will conclude with steps that Linux vendors and end-users can take to protect systems from this threat to head off a wave of Linux Autorun malware.

For more information visit: http://bit.ly/shmoocon2011_information
To download the video visit: http://bit.ly/shmoocon2011_videos

The interactive transcript could not be loaded.
Ratings have been disabled for this video.
Rating is available when the video has been rented.
This feature is not available right now. Please try again later.

Top Comments

  • kyuznum1

    kyuznum1 2 years ago

    This is by far the best SchmooCon talk on USB Autorun attacks I've seen this morning.

    · 11

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate kyuznum1's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate kyuznum1's comment.
  • reya10276

    reya10276 2 years ago

    blah blah blah...Sure if your Linux/Ubuntu system is not patched then sure you would be in trouble otherwise nothing to see here move on folks. Linux/Ubuntu is still way more secure than any windows version by default. So lets simmer down windows fanboys. Also Ubuntu is secure with app armor, hence is one of the main things Ubuntu emphasizes on in their advertisement of Ubuntu. Also if and when this suppose attack would happen it wont affect the actual system at the root level.

    · 3

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate reya10276's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate reya10276's comment.

All Comments (35)

Sign in now to post a comment!
  • galenrivera512

    galenrivera512 1 year ago

    I want this video on my GU1100 phone.

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate galenrivera512's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate galenrivera512's comment.
  • siodhe

    siodhe 1 year ago

    The problem with that plan with regards to xlock, namely killing the xlock and then putting up a fake one with a fake login window (if I'm interpreting your correctly) is as I said: The access list has been wiped from the X server - *nothing* could access it at that point, the X server had to be killed to continue, logging out the user's session in the process. And TheMegentus mentioned that killing the screensaver would kill off the session directly, an even more direct approach.

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate siodhe's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate siodhe's comment.
    in reply to Thomas Wright (Show the comment)
  • MsPwain

    MsPwain 1 year ago

    Thanks for making Linux more secure and me a bit smarter. Good talk.

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate MsPwain's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate MsPwain's comment.
  • frenchpet

    frenchpet 1 year ago

    This is cool

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate frenchpet's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate frenchpet's comment.
  • Fredderic Unpenstein

    Fredderic Unpenstein 1 year ago

    Interesting talk... I am curious, though, when I was last using Debian, killing the screensaver caused the entire session to get killed, giving you a nice new login prompt, on a fresh X server. Doesn't that happen any more in modern installs?

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate Fredderic Unpenstein's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate Fredderic Unpenstein's comment.
  • siodhe

    siodhe 2 years ago

    Hi :-) Many linux users don't run the user level tools (nautilus..) in the exploit, completely removing this vector. The older xlock program would wipe the access list, and so when killed would leave the X11 server unusable (obviously the modern screensavers need to be updated to the same destroy-access mentality). The TCP port mentioned in the demo in disabled by default in Xorg (the X11 server). And lastly, remember these exploits only grant user access, not root (although closer to root)

    ·

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate siodhe's comment.

    Sign in to YouTube

    Sign in with your YouTube Account (YouTube, Google+, Gmail, Orkut, Picasa, or Chrome) to rate siodhe's comment.
  • Loading comment...
Loading...
Loading...
Working...
Sign in to add this to Watch Later