Pod Slurping Comes Around Again
from the repeating-it-won't-make-it-true dept
Time and time (and time) again enterprise IT managers have been warned about the dangers of “pod slurping’ — people using iPods or other high-capacity mp3 players as portable hard drives to steal information from corporate PCs and networks. The hype wave is coming around again, apparently because somebody wrote a program that can copy files from a computer to an iPod (you need a program to do that now?). The author’s vision of how a slurping attack would occur has a would-be thief coming into an office disguised as a janitor, then going from PC to PC copying information. The issue isn’t that the thief is using an iPod to copy files, that’s irrelevant. The problem is that a company is letting in people disguised as janitors, with or without iPods. A reporter calls the threat “fast emerging” — but by the end of the post, she says “It’s unclear how much of a threat iPod slurping really is today. I haven’t found any information on companies that actually suffered due to iPod slurping; of course, they aren’t likely to tell the world of security breaches they’d suffered, either.” All these scare stories do is sell useless analyst reports and pointless security software. Like so many before this one, new technology really doesn’t raise any new security problems for reasonably intelligent people. What’s next? An urgent report from a security expert detailing the emerging threat of these things called “brains” that let users store all kinds of information — even stuff not stored on a computer — for later off-site retrieval? You heard it here first.
Comments on “Pod Slurping Comes Around Again”
No Subject Given
There is no substitute for physical security. If the intruder didn’t care about the theft being easily discovered he could simply remove the hard drive from the desktop machine and take it with him when he leaves, or steal the entire machine if its a laptop. In some offices he could burn a DVD of what he wants or use a USB memory fob. I think this is an example of the iPOD is the buzz and that causes lame brains to work it into their drivel no matter how tangential.
storing information in brains
There seems to be little chance of that happening in most corporate settings today.
No Subject Given
Security-conscious enterprises took care of this issue long ago, by disabling USB ports, CD/DVD writers, and floppy drives, and then selectively enabling them through policy. Other than in financial services, this is almost a complete non-issue.
Pod slurping
Nice post. If you’d like the full story, check out the article that I wrote at:
http://www.sharp-ideas.net/archives/2005/06/pod_slurping.html
Just call us up
At the news weekly where I work, competitors only need to call up to get information on our advertising clients. People are still the weakest link in the security chain.
Pod slurping whitepaper
More information on the dangers of pod slurping and how to combat data theft is available through one of GFI’s whitepapers. Its title is “Pod slurping – an easy technique for stealing data” and it’s availalbe through this direct download link – no registration, no fees.
http://www.gfi.com/whitepapers/pod-slurping-an-easy-technique-for-stealing-data.pdf