Firefox 4 is out and available for download - http://www.mozilla.com/en-US/firefox/new/

Read only USB stick trick

Published: 2011-03-22
Last Updated: 2011-03-22 10:13:50 UTC
by Chris Mohan (Version: 1)
20 comment(s)

The sad demise of readily available, cheap USB sticks with a switch to flip the device to be read only has caused some problems when dealing with suspicious machines, especial when I’m off duty and I hear the dreaded words “Oow, you’re in IT – could you have a look at my computer quickly?”

Back in the good old days, I could pick them up at nearly all my favourite shops and the vendors gave them away by the bucket load, but alas, they seem to have all but disappeared.

CD/DVD or Blu-ray disks are great, but lugging around a harden CD case really does clash with some of my outfits and doesn’t always send out the right message, particularly at: romantic diners, standing at a checkouts or trying to order drinks at a bar. This is where a small USB key, fitting neatly in to a pocket, helps me blend in with the rest of humanly almost seamlessly.  Almost. 

The standard read/write USB keys fall prey to being infected and compromised the very second they are insert in to a machine, which, as we know is a bad thing.

Stuck with this dilemma, I stumbled upon a neat solution – Secure Digital (SD) Memory Cards.
 
SD Memory cards have a small lock switch on them, making them read only; they can reach up to a whooping 32GB, are only slightly more expensive than similar size USB drives and are common place (I can find them in the petrol stations, corner stores and on aeroplanes). Now add in a small SD reader, around the size of a normal USB drive, and this is perfect for incident response on an untrusted system in a pinch or when a full response kit isn’t viable.

With the size of SD memory cards, it means I can have my favourite recovery [1], incident handling and fun at -someone else’s  - party [2] boot images each on their own SD card, hidden in a wallet, jacket lapel or hat band for ease of use. Producing them, seeming out of thin air, to fix a broken or infected machine amazes and astounds plus get brownie points at unexpected moments in life.

Another option for the uncluttered, nattily dressed Incident-Handler-around-town’s toolkit.

As always, if you have any better suggestions, insights or tips please feel free to comment.

[1] BartPE - http://www.nu2.nu/pebuilder/
[2] Backtrack - http://www.backtrack-linux.org/downloads/

Chris Mohan --- Internet Storm Center Handler on Duty

Keywords: incident handling
20 comment(s)

Adobe Flash Player update, RSA further notification and Play.com breach

Published: 2011-03-22
Last Updated: 2011-03-22 02:33:09 UTC
by Chris Mohan (Version: 1)
2 comment(s)


Adobe Flash Player update addresses a critical security issue (CVE-2011-0609):

http://www.adobe.com/support/security/bulletins/apsb11-05.html


RSA have released a further list of recommendations to their customers of security best practices via email. No further information on the actual breach.


And finally, the www.play.com, a large on-line retailer, has had a security breach. Some customer names and email addresses may have been compromised from a 3rd part company that handles part of their marketing. Emails notification have been sent out to existing customers.

Thank you to those readers for writing in with these updates.


Chris Mohan --- Internet Storm Center Handler on Duty

Keywords:
2 comment(s)
Adobe Reader/Acrobat Security Update - http://www.adobe.com/support/security/bulletins/apsb11-06.html

Comments

cwqwqwq

www

Nov 17th 2022
4 months ago

eweew<a href="https://www.seocheckin.com/edu-sites-list/">mashood</a>

EEW

Nov 17th 2022
4 months ago

WQwqwqwq[url=https://www.seocheckin.com/edu-sites-list/]mashood[/url]

qwq

Nov 17th 2022
4 months ago

dwqqqwqwq mashood

mashood

Nov 17th 2022
4 months ago

[https://isc.sans.edu/diary.html](https://isc.sans.edu/diary.html)

isc.sans.edu

Nov 23rd 2022
4 months ago

[https://isc.sans.edu/diary.html | https://isc.sans.edu/diary.html]

isc.sans.edu

Nov 23rd 2022
4 months ago

What's this all about ..?

isc.sans.edu

Dec 3rd 2022
3 months ago

password reveal .

isc.sans.edu

Dec 3rd 2022
3 months ago

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure:

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.

<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission

isc.sans.edu

Dec 26th 2022
3 months ago

https://thehomestore.com.pk/

isc.sans.edu

Dec 26th 2022
3 months ago

Login here to join the discussion.


Diary Archives