TELECOM Digest OnLine - Sorted: Pod Slurping Dangerous to Your Company

Pod Slurping Dangerous to Your Company

Lisa Minter (lisa_minter2001@yahoo.com)
Sat, 18 Jun 2005 13:41:11 -0500

Nearly a year ago, an analyst from Gartner recommended that
enterprises should think about banning Apple's iPods -- and similar
small-sized portable storage devices -- for fear of data walking out
the door.

Now, with data being lost in more ways than once thought possible --
backup tapes lost by UPS, Social Security numbers sold to criminals,
and hackers breaking in to networks remotely -- a researcher has
demonstrated just how easy it is to walk off with megabytes of
sensitive material when armed with only the ubiquitous iPod and simple
software.

With more than 30 million iPods in circulation and models packing as
much as 30GB of storage space, the gizmo makes a perfect tool for data
theft, wrote computer security expert Abe Usher in his blog.

Dubbing the practice "pod slurping," Usher created a proof-of-concept
application that runs from an iPod that, when the device is connected
to a PC, will sniff through a PC's hard drive to find and copy all the
Microsoft Office documents it finds.

"An unauthorized visitor shows up after work hours disguised as a
janitor and carrying an iPod (or similar portable storage device),"
posited Usher. "He walks from computer to computer and 'slurps' up
all of the Microsoft Office files from each system.

"Within an hour he has acquired 20,000 files from over a dozen
workstations. He returns home and uploads the files from his iPod to
his PC. Using his handy desktop search program, he quickly finds the
proprietary information that he was looking for."

The thief could even access PCs that require a log-in username/password
by using a boot CD, a specially-crafted CD that sidesteps log-in
authentication, said Usher.

Gartner's 2004 advice would block pod slurping, added Usher, if
enterprises adopted the research firm's recommendations to lock down
desktops by disabling USB functionality or Windows' Universal Plug and
Play.

Copyright 2005 CMP Media LLC.

NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily.

*** FAIR USE NOTICE. This message contains copyrighted material the
use of which has not been specifically authorized by the copyright
owner. This Internet discussion group is making it available without
profit to group members who have expressed a prior interest in
receiving the included information in their efforts to advance the
understanding of literary, educational, political, and economic
issues, for non-profit research and educational purposes only. I
believe that this constitutes a 'fair use' of the copyrighted material
as provided for in section 107 of the U.S. Copyright Law. If you wish
to use this copyrighted material for purposes of your own that go
beyond 'fair use,' you must obtain permission from the copyright
owner, in this instance, CMP Media.

For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: Choreboy: "DSL Speed"
Go to Previous message: Lisa Minter: "Sprint, Verizon Opening Doors to Mobile Content"
Next in thread: David Clayton: "Re: Pod Slurping Dangerous to Your Company"
May be reply: David Clayton: "Re: Pod Slurping Dangerous to Your Company"
May be reply: Tony P.: "Re: Pod Slurping Dangerous to Your Company"
May be reply: jtaylor: "Re: Pod Slurping Dangerous to Your Company"
May be reply: ellis@no.spam: "Re: Pod Slurping Dangerous to Your Company"
TELECOM Digest: Home Page