…are you just going to hijack my computer? Hak5 released the USB Hacksaw this week which is the successor to the USB Switchblade. Both are tools to expose the vulnerability in Windows OS with using U3 technology. I find these tools very interesting as a sysadmin. In the network I manage, all autoplay is turned off, but this still does not stop the “Amish technique” as it relies on social engineering -they just have to open the window and the payload is delivered. And from my experience it is not difficult to get someone plug any USB device into their computer (as long as the ports are readily accessible). The thing I find unnerving is the fact that McAfee and Symantec antivirus products do not detect any virus like activity with the Hacksaw as the programs that run are quite legitimate unlike the Switchblade which does raise antivirus alerts because it is invading Windows protected storage. To protect against this type of attack you have to be very careful about where any USB device comes from and watch your machine for any suspicious activity. Superglue may be our best bet yet or another product such as Devicewall or a simple registry modification. User education never hurts either.