Pod Slurping Dangerous to Your Company

Nearly a year ago, an analyst from Gartner recommended that enterprises should think about banning Apple's iPods -- and similar small-sized portable storage devices -- for fear of data walking out the door.

Now, with data being lost in more ways than once thought possible -- backup tapes lost by UPS, Social Security numbers sold to criminals, and hackers breaking in to networks remotely -- a researcher has demonstrated just how easy it is to walk off with megabytes of sensitive material when armed with only the ubiquitous iPod and simple software.

With more than 30 million iPods in circulation and models packing as much as 30GB of storage space, the gizmo makes a perfect tool for data theft, wrote computer security expert Abe Usher in his blog.

Dubbing the practice "pod slurping," Usher created a proof-of-concept application that runs from an iPod and, when the device is connected to a PC, searches the PC's hard drive and copies all the Microsoft Office documents it finds.

"An unauthorized visitor shows up after work hours disguised as a janitor and carrying an iPod (or similar portable storage device)," posited Usher. "He walks from computer to computer and 'slurps' up all of the Microsoft Office files from each system.

"Within an hour he has acquired 20,000 files from over a dozen workstations. He returns home and uploads the files from his iPod to his PC. Using his handy desktop search program, he quickly finds the proprietary information that he was looking for."

The thief could even access PCs that require a log-in username/password by using a boot CD, a specially-crafted CD that sidesteps log-in authentication, said Usher.

Gartner's 2004 advice would block pod slurping, added Usher, if enterprises adopted the research firm's recommendations to lock down desktops by disabling USB functionality or Windows' Universal Plug and Play.

Copyright 2005 CMP Media LLC.


*** FAIR USE NOTICE. This message contains copyrighted material the use of which has not been specifically authorized by the copyright owner. This Internet discussion group is making it available without profit to group members who have expressed a prior interest in receiving the included information in their efforts to advance the understanding of literary, educational, political, and economic issues, for non-profit research and educational purposes only. I believe that this constitutes a 'fair use' of the copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use this copyrighted material for purposes of your own that go beyond 'fair use,' you must obtain permission from the copyright owner, in this instance, CMP Media.


Lisa Minter