None of this is really all that new. It started with
diskettes, and has moved on to USB removeable storage,
digital cameras, iPods, etc. The issue remains the
same, regardless of the actual storage device.
> pod slurping
> ------------
>
> I've written a report that explores an idea that has
> been known by the
> security community for decades: physical security is
> important to
> information system security.
>
> A year ago a report was published by the Gartner
> Group warning that
> iPods <http://www.apple.com/ipod/> (and other
> multi-gigabyte portable
> storage devices) pose a security risk for
> enterprises
>
<http://www.infoworld.com/article/04/07/06/HNipodsrisk_1.html>.
> I've
> created an application (*slurp.exe*) that
> demonstrates this concept.
> When the program is run from an iPod, it can
> __very__quickly__ copy
> thousands of interesting files* from a PC to an
> iPod.
>
> The full article and proof-of-concept application
> are available at:
> http://www.sharp-ideas.net
>
> Cheers,
> Abe Usher, CISSP
>
> * Office documents, *.pdf,*.xml, *.dbf, *.log,
> *.dat, *.txt, *.csv,
> *.htm, *.url, et cetera
>
>
>
------------------------------------------------------------------------
---
>
------------------------------------------------------------------------
---
>
>
diskettes, and has moved on to USB removeable storage,
digital cameras, iPods, etc. The issue remains the
same, regardless of the actual storage device.
--- Abe Usher <abe.usher (at) sharp-ideas (dot) net [email concealed]> wrote:
> pod slurping
> ------------
>
> I've written a report that explores an idea that has
> been known by the
> security community for decades: physical security is
> important to
> information system security.
>
> A year ago a report was published by the Gartner
> Group warning that
> iPods <http://www.apple.com/ipod/> (and other
> multi-gigabyte portable
> storage devices) pose a security risk for
> enterprises
>
<http://www.infoworld.com/article/04/07/06/HNipodsrisk_1.html>.
> I've
> created an application (*slurp.exe*) that
> demonstrates this concept.
> When the program is run from an iPod, it can
> __very__quickly__ copy
> thousands of interesting files* from a PC to an
> iPod.
>
> The full article and proof-of-concept application
> are available at:
> http://www.sharp-ideas.net
>
> Cheers,
> Abe Usher, CISSP
>
> * Office documents, *.pdf,*.xml, *.dbf, *.log,
> *.dat, *.txt, *.csv,
> *.htm, *.url, et cetera
>
>
>
------------------------------------------------------------------------
---
>
------------------------------------------------------------------------
---
>
>
------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com
------------------------------------------
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]