Linux vulnerable to USB worms
When trying to create thumbnails for the files on the device, Nautilus was tricked by a specially crafted DVI file which then activated the exploit. While the relevant hole in the evince thumbnailer was closed in January, the system used in the presentation was kept vulnerable for demonstration purposes. Larimer also disabled the Address Space Layout Randomisation (ASLR) and AppArmor security mechanisms. However, the expert presented measures that would allow potential attackers to bypass these obstacles.
The link for this article located at H Security is no longer available.