[39146] in bugtraq
reconsidering physical security: pod slurping
daemon@ATHENA.MIT.EDU (Abe Usher)
Mon Jun 13 16:11:59 2005
Message-ID: <42ACFEB3.6070609@sharp-ideas.net>
Date: Sun, 12 Jun 2005 23:34:11 -0400
From: Abe Usher <abe.usher@sharp-ideas.net>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
pod slurping
------------
I've written a report that explores an idea that has been known by the
security community for decades: physical security is important to
information system security.
A year ago a report was published by the Gartner Group warning that
iPods <http://www.apple.com/ipod/> (and other multi-gigabyte portable
storage devices) pose a security risk for enterprises
<http://www.infoworld.com/article/04/07/06/HNipodsrisk_1.html>. I've
created an application (*slurp.exe*) that demonstrates this concept.
When the program is run from an iPod, it can __very__quickly__ copy
thousands of interesting files* from a PC to an iPod.
The full article and proof-of-concept application are available at:
http://www.sharp-ideas.net
Cheers,
Abe Usher, CISSP
* Office documents, *.pdf,*.xml, *.dbf, *.log, *.dat, *.txt, *.csv,
*.htm, *.url, et cetera
