Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Did you check your conference goodies? SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Did you check your conference goodies?

This year I went to the RSA to have lunch with some friends.

It was nice to get together with some other SANS ISC friends too, as Johannes, Marc and Lenny.

Good to see them again. Also while visiting the expo, something occurred to me. Some booths were giving away pen-drives with promotional material. It is easy to imagine that the booth was always crowded.

So, to get your pen drive you just put your business card and pick your pendrive among several over the table and go

I don’t like people scanning my badge or using my business card to send me offers later, so , previously, I went to some other booths, collected a bunch of business card from sales people (they love to give them away...:) ) and went to the 'pen-drive booth' to get mine...:)

If I have a malicious intent, I would go to some other place, plug my new pen-drive, load an autorun-kind of malware, or fill it wth malicious PDFs and return it to the crowded booth table full of pen-drives...And I would be able to do it several times...

An average user would get it, plug in his computer and happily install it and be p0wned…

 So, did you test your goodies on a safe environment, preferable on a non autorun-able machine, like a mac or linux? Also did you use your AV to scan those PDFs against exploits? :)

Be safe, be paranoid…:)


Pedro Bueno ( pbueno // isc. sans. org)



155 Posts
ISC Handler
Apr 24th 2009
> use your AV to scan those PDFs against exploits? :) if that'd actually detect anything from someone actually doing this, lmao.

Sign Up for Free or Log In to start participating in the conversation!