> are you sure? it sounds more to me like a usb key and a badly > non-configured autorun were used in this instance. From the article:
Ah. I take your point. I picked up the word device in Brian's post, but not the location of the device. The trailer I saw from the BBC program clearly indicated a device, but I don't know exactly what sort of device was used, only that it was apparently a USB device. But I was so busy fuming at yet more crap scaremongering journalism that I might have missed some detail, and I didn't watch the actual programme. (Sorry. I was so stunned at finding myself agreeing with Brian ;-) that I didn't check exactly what he said. He might or might not be right in the detail - I haven't seen confirmation either way - but he's certainly correct in being sceptical, IMHO.) What I actually meant by "correct" was that the child's role seems to have been to slip a preconfigured device onto/into the machine, and that it was far from obvious that she had any technical grasp of what she'd been asked to do, let alone demonstrated any hacking skill. In fact, the BBC article specifically states that she knows very little about computers. That's at http://www.bbc.co.uk/pressoffice/pressreleases/stories/2007/03_march/23/keyl ogger.shtml: it still doesn't make the detail entirely clear. So, clearly there are risks here. The device did get past various security checks and devices into the building. And programming a young child, preferably one as "acceptable" and "unsuspicious" as possible in terms of class, gender, ethnicity and so on, to carry out a subversive, covert or destructive device/action could certainly be very effective. Is there anyone here to whom that thought has never occurred? I very much doubt it. -- David Harley Security Author/Editor/Consultant, Antivirus Researcher Small Blue-Green World [EMAIL PROTECTED] New botnet book: http://www.syngress.com/catalog/?pid=4270 Security Bibliography: http://www.smallblue-greenworld.co.uk/pages/bibliography.html Articles: http://watersidesyndication.com/inbusiness/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
