External computer flash drives have been banned, at least temporarily, at the Pentagon. The ban comes after officials detected a threat, described by Pentagon spokesman Bryan Whitman as being a "global virus" on the Defense Department networks.
Whitman gave no details of the virus but described the situation, saying "this is not solely a department problem, this is not solely a government problem." Defense officials wouldn't publicly confirm the ban but department workers were notified.
One message distributed to employees said that all flash drives, whether purchased or provided by the department to workers, would be confiscated. It is currently unknown if workers will get the flash devices back or when the ban will end.
Why can our government not be honest about anything? I don't disagree that bringing viruses in would be bad but are they seriously telling me that they have no way to stop a virus over their intranet? Nothing is impossible in cyberspace and I realize the threat is there but come on guys, please don't insult my intelligence. The largest threat flash drives pose is not software coming in, it's data going out. I would rather be told that I don't need to know than be given a bullshit f&cking story.
from what i understand this started last week and it's software contained in extra hardware and cannot be formatted out. the software infects the computer and sends info out over 'net connections and it's not just military comps getting infected. even tho i don't use them i've been advised to avoid buying any new flashdrives for the next couple months. not a bs story, just lacking in specifics.
My first post, but I had some info on this subject and thought I would share. The ban on USB Flash drives comes because of the well documented flaws in Mobile Media Autoruns. The infected drives contain an autorun.inf file that executes the code "wscript.exe nar.vbs". you will notice that all infected drives of the computer will also contain these files or similarly named VBS file. Those of you that do not remember, the "I LOVE YOU LETTER" virus was also a .VBS. I dont know personally what is contained in nar.vbs, but it is designed to collect information from the computer and other connected drives and send it out, probably via email.
Thanks for your comments, they make sense. I still beleive, though, that the threat of data leaving is and always has been a problem. As redstain mentioned, there should be no means by which data can be removed from the DOD's servers save a few machines used by authorized individuals.
should be banned at all places of employment. I'd be more worried about what the employees are taking home than what they are bringing in to work. Why don't businesses use dumb terminals like they used to do? All info should stay on the server. No PCs should be allowed in the workplace. It's too much of a security risk IMO. No body should have a hard drive or flash drive capability on their desktop computers.
The flaw is NOT IN HARDWARE. Any media device, be it CD or Thumb Drive, can contain an Autorun.ini or .inf file which tells the computer what to launch first when inserted. You will see this autorun file on every single software install disc you buy. Many people do not receive the prompt due to the auto-AutoPlay, or select the Autorun chosen feature (usually the first choice) from the menu when the thumb drive is inserted. This is what triggers the infection. From this point on, any and every drive that is writable will receive these two files, the autorun.inf (delivery) and the virus nar.vbs (payload).
I bought four flash drives about six months ago, and two of them had software built in to them that was difficult to remove (it would survive a partition and format). The U3 suite is a pain in the butt, and any company putting that junk on their drives will not get my money.
Pentagon banning Flash drives in 2008!! Thats F_-_Up. I had to go through a very very heavy security background check here in Montreal when I got a contract with GSK.
All nodes were CPU and Screen only. As an Admin there was an external Optic drive CD/DVD in the case of.
No one was allowed to use any attachment to the computers, including headphone/Earphones. If you are caught. BYE BYE. End of a story.
GSK (Glaxo Smith Kline) are so strict, as a Canadian, I had to pass CSIS, CIA, FBI and MI6, to be eligible to bid for the contract.
the information i got, not from the source article or on the net, was that the virus was contained in an extra chip in the flashdrive. an extra chip not normally found in flashdrives. i considered that hardware, sorry if my terminology is wrong.
I have the DoD issued noticed regarding the issue. Additionally, U3 can be uninstalled instantly with the free download from U3's website. I can assure there is no additional chip, this known issue with usb and any mobile media has been well documented. There is an open project called USB Hacksaw that accomplishes this very thing, the scripts are prewritten for your downloading pleasure. This particular device is intended to override USB drivers on the computer, therefor controlling all devices connected and emailing said content. My neighbor is Marines, and I have personally seen these files the DoD speaks of. Believe whatever you will, the solution is to disable Autorun...
the movie had a fake cia agent use a thumb drive to steal a software program.it was a old movie.so much for home land security.of course this is nothing compared to the missing FBI laptops.
after further thought I have to say.why they don't scan thumb drives or laptops for that matter before they are allowed to connect to any government database is moronic at best.
