There have been quite a collection of applications ported to run on USB flash disks. Most of these applications seem innocent enough, however some are deliberatly developed to get around IT software use policies in the workplace, such as P2P filesharing applications, instant messaging applications, FTP clients and podcast managers to name a few. Although these can be seen as a moderate security risk in the wrong hands they are more of a nuisance. However a new breed of applications are making their way to a USB drive near you that you should be more concerned with.
Applications which are used by security professionals (and hackers alike) to test the security of their networks and scan for vulnerabilities now have the capability to run independently from a USB flash drive and no longer require that WinPCap or other third-party packet capture drivers to be installed on a system. Applications such as Nmap, Ethereal, Showtraf, TCPDump, Nemesis and John the Ripper are now appearing online via sites in a modified form that contain an internal packet driver that is loaded when the application is launched.
What this means is that a hacker no longer needs to even have a laptop with them in order to compromise a network, simply bring a USB flash drive in a company and plug it into the USB drive of an available system.
For full story:
http://www.watchyourend.com/2006/04/29/ ... umb-drive/