Sorry if this has been brought up before, I searched the archives and didnt find anything. Problem: Autorun runs even when passworded screensaver is active. Scenario: Burn a CD-ROM with whatever program you want to run on the passworded machine, put it in autorun.inf, and just put it in the machine, this can be used to run and do just about anything, one more reason not to rely on microsoft for your security :) I dont suppose this is actually an exploit, but it's exploitable on 80% of the machines running Windows since not a whole lot of people turn autorun off, a few friends had a great time going to wal-mart, popping the CD in, removing the screen savers and a password utility they had on there, then having full access, this could easily be used to walk over to a machine, pop a disk in drive A, have it autorun a batch file on the CD to copy say, Turbo Tax documents, Quicken, (you get the idea :) Matt Hallacy, poptix@Efnet
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:54:19 PDT