http://www.theregister.co.uk/2015/03/02/bad_movie_hackers_can_raid_networks_with_burnt_blurays/
By Darren Pauli
The Register
2 Mar 2015
British hacker Stephen Tomkinson has found two Blu-Ray-borne attacks.
His first exploit relies on a poor Java implementation in a product called
PowerDVD from CyberLink. PowerDVD plays DVDs on PCs and creates menus
using Java, but the way Oracle's code has been used allows naughty folk to
circumvent Windows security controls.
The result, the NCC Group consultant says, is that it's possible to put
executables onto Blu-Ray disks and to make those disks run automatically
on startup even when Windows is set to stop that outcome.
Users would have no reason to suspect the whirring of an optical drive
indicated unknown software was running, making this a potentially nasty
attack.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
