Don, Citation needed -- as I recall those tales, some large percentage of the scattered flash drives got plugged in, but not necessary *all* of them. But your main point still stands even without the hyperbole. -- dkm, Stickler for Needless Accuracy At 3/20/2014 12:23 PM Thursday, Bosman, Don wrote: >Sneaker net and thumb drives will be your attack vectors. >If a researcher finds it expedient to have data moved faster than >you can accommodate them, they are likely to improvise. >Keep the anti-virus and anti-malware up to date. > >You've probably seen the same tales that I have, about security >researchers leaving spyware infected thumb drives in the parking >lots for security conscious workers to find. And how every one of >the drives was plugged in to see what was on it. > > >Don Bosman >Information Technologist >MSU Libraries >366 W. Circle Drive - Rm.W441 >East Lansing, MI 48824-1048 >517-884-0873 > > > > >-----Original Message----- >From: David McFarlane [mailto:[log in to unmask]] >Sent: Thursday, March 20, 2014 12:16 PM >To: [log in to unmask] >Subject: Re: [MSUNAG] Desktop Replacement Policy and XP Mitigation > >Probably irrelevant to most here, but... > >We have several Windows XP systems used in research labs for running >ongoing experiments, using software that until recently did not work >well under Vista/7, and in any case changing computer configuration >in the middle of a research study could affect the results, so we >continue to run them. But we do not use those computers for >browsing the internet, and typically have the network disabled (even >physcially), so I think that makes them pretty safe even without >updates. As I understand it, most exploits depend on user behavior >anyway, so under some circumstances XP systems will be safe >regardless of updates. Or am I wrong there? > >-- dkm