http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9126478 By Gregg Keizer January 21, 2009 Computerworld Microsoft Corp.'s advice on disabling Windows' "Autorun" feature is flawed, the U.S. Computer Emergency Readiness Team (US-CERT) said today, and it leaves users who rely on its guidelines to protect their PCs against the fast-spreading Downadup worm open to attack. In an alert issued on Monday, US-CERT said Microsoft's instructions on turning off Autorun are "not fully effective" and "could be considered a vulnerability." The flaw in Microsoft's guidelines are important at the moment, because the "Downadup" worm, which has compromised more computers than any other attack in years, can spread through USB devices, such as flash drives and cameras, by taking advantage of Windows' Autorun and Autoplay features. Autorun, the focus of the US-CERT warning, lets Windows automatically run any program specified in the "autorun.inf" on, for example, a CD or a flash drive, as soon as the disc or device is inserted or connected. By default, Windows has Autorun enabled. [...] _______________________________________________ Best Selling Security Books & More! http://www.shopinfosecnews.org/Received on Wed Jan 21 2009 - 23:09:49 PST
This archive was generated by hypermail 2.2.0 : Wed Jan 21 2009 - 23:22:36 PST