The Gospel of LUA

On August 7, 2006, in Security, by


This morning on a computer I was setting up I was in Administrator mode…. and I plugged in a SanDisk USB thumb drive… and all of a sudden I got a new service running down in the system tray….a U3 driver.  Now I never said “Yes”, I never approved it.. it just ran automagically.  And it just launched all by itself… like the autorun of CD-ROMs does.


And it reminded me about the “Gospel of LUA”.  Now if that didn’t scare me half to death because it showcased why running as admin is NOT a good thing….imagine if that U3 USB driver was a trojan or malware… just in the blink of an eye my entire network could have been owned because I was running as admin… now I know…brothers and sisters…. you feel like you are walking through the desert of despair…that you cannot get the applications to run as normal or standard user because they want to run as Admin…but I tell you my brothers and sisters… we have hope for salvation!


Today over on Brother Aaron Margosis’s blog … home of the scriptures for the Gospel of LUA…. there’s a Book of LUA buglight that’s been released to help us get to the promised land.


Aaron Margosis’ WebLog : LUA Buglight public [pre]-release:
http://blogs.msdn.com/aaron_margosis/archive/2006/08/07/LuaBuglight.aspx


Brothers and Sisters…. I know you are saying …but Sister… we can’t run Remote Web Workplace without admin rights… but my fellow disciples… yes you can.. you just flip that workstation from administrator..and don’t go to normal user…but instead choose remote desktop user on that workstation.  You then have the goodness of normal user for day to day operations and still have remote access.  Yes, my brothers and sisters, there is hope.. hope for a better future.. hope that Vista and Brother Margosis will let vendors get saved and see the light…. the light of LUA Buglight that is…and clean up their lousy coding practices.
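
The group change described above, written out as an added example (not part of the original post): it reports whether an account is in the local Administrators and Remote Desktop Users groups and, with `-Apply`, moves it from the first to the second. The account name in the comment is a placeholder, English group names are assumed, and the LocalAccounts cmdlets need Windows PowerShell 5.1 or later.

```powershell
# Added example: swap a workstation account from Administrators to
# Remote Desktop Users. Run from an elevated prompt.
param(
    [Parameter(Mandatory)]
    [string]$Account,   # e.g. 'WORKSTATION1\susan' (placeholder name)
    [switch]$Apply      # without -Apply the script only reports
)

# Built-in group names as they appear on an English-language Windows install
$adminGroup = 'Administrators'
$rdpGroup   = 'Remote Desktop Users'

$adminMembers = @(Get-LocalGroupMember -Group $adminGroup)
$rdpMembers   = @(Get-LocalGroupMember -Group $rdpGroup)

# Member names are reported as 'COMPUTER\user' or 'DOMAIN\user'
$isAdmin = $adminMembers.Name -contains $Account
$isRdp   = $rdpMembers.Name   -contains $Account
Write-Output "$Account in ${adminGroup}: $isAdmin; in ${rdpGroup}: $isRdp"

# Never strip the last administrator: someone must still be able to elevate
$otherAdmins = @($adminMembers | Where-Object { $_.Name -ne $Account })
if ($isAdmin -and $otherAdmins.Count -eq 0) {
    throw "Refusing: $Account is the only member of $adminGroup."
}

if (-not $Apply) {
    Write-Output 'Report only. Re-run with -Apply to change membership.'
    return
}

# Grant remote access first, then drop admin rights
if (-not $isRdp) { Add-LocalGroupMember    -Group $rdpGroup   -Member $Account }
if ($isAdmin)    { Remove-LocalGroupMember -Group $adminGroup -Member $Account }

# Group changes land in the access token at the next logon
Write-Output "Done. Have $Account log off and back on."
```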

 

4 Responses to The Gospel of LUA

  1. Russ Grover says:

    (Only funny if you are a Terminator 3 fan)
    SKYNET is probably going to be launched by a U3 Drive.

    I figure since SKYNET is inevitable, one of my old Celeron Servers is named SKYNET. (Just so it doesn’t get confused on who it is when Skynet takes over.)
    I wonder if there’s going to be a T4? Hmm…

  2. Peter says:

    Hi Susan, this U3 functionality is scary. Check out the following for POC that it can be hacked…

    http://cse.msstate.edu/~rwm8/hackingU3/

  3. UnhappyWithU3 says:

    You can uninstall it here:
    http://u3.com/uninstall/

    It’s gonna ask about 10 times if you’re sure, since it’s a permanent uninstall. But, if you ever decide you want apps, you can get free ones you can run on ANY drive at portableapps.com and portablefreeware.com.

  4. USB “thumb drives” in general (not just the U3 flavor) can be dangerous…

    http://mygreenpaste.blogspot.com/2006/06/interesting-social-engineering-tactic.html