By Larry Seltzer
The avalanche of network security concerns today make it easy to lose focus on securing physical access to PCs. Don’t. Sensitive data may be walking out your front door.
Our sister publication, eWeek, recently reported that vulnerabilities in some Windows USB device drivers could allow someone with physical access to a computer to compromise it. And USB is not the only way; FireWire, Wi-Fi, Bluetooth, PC Card, and the like may pose potential threats as well. Regardless of protocol, PCs face a threat from the myriad devices that may be attached to them, legitimately or otherwise, especially since Autoplay, the feature that automatically runs a program from a CD when the disk is inserted in the drive, is also enabled by default for USB and FireWire media.
So when you’re not looking, if I insert a USB key in your unlocked computer, I can run a program from the key with whatever rights and privileges you have. The program might steal files, install spyware, send spam using your e-mail account, or do anything for which you have privileges. Sure, there’s a chance your antivirus app will see the program if it’s malware—but suppose it’s not. Suppose the program simply copies files from your computer to the key or from the key to your network, or sends e-mail using your connection, or a million other undesirable things. You might never know of the intrusion
Read the whole article here: Big Threat from Little Devices