Comment Re:Do I need to be concerned about this? (Score 1) 205
Depends.
I once worked for a company that wrote web banking software. The laptops/desktops/etc of certain employees had a 'driver' that continually monitored the USB ports. If anything plugged into it that had storage on it but not the proper corporate auth key to connect as an approved storage device? It would automatically send an email to the IT department, immediately shut off the entire USB subsystem in the OS, and it stayed that way until the device was re-imaged (in many cases making the device completely useless). It also got you immediately perp-walked out of the building and freshly unemployed, unless you could immediately give them a reasonable (and provable) explanation as to why it happened.
Now in this case, I suspect that if the bad stick presented itself to the OS as a keyboard/mouse/whatever, it may circumvent that (I say "may" because I don't know if it would be able to dump any non-keyboard/mouse-related data onto the machine w/o presenting itself as storage.)
Either way, if you're that worried about it, then epoxy the USB ports shut (well, except on the phone for obvious reasons...)
Surprise, surprise, surprise, not all computer cases are locked. Had a case of user powering off the computer and rebooting with a live usb drive. Since it was standalone, the host system did not detect this action.
Also had a case of an employee opening up the computer case, unplugging the drive and replugging it into his external USB hardware adapter (cost for adapter $35.00 at NewEgg.ca) Used his laptop to download stuff from that mpw external laptop drive to his laptop, and person could upload stuff too. No, he did not insert stuff on the drive, but we do know he dl'd stuff. t'il by chance an IT guy happened by.