Beware the iPod 'slurping' Employee
Zoner12 writes "CNet is reporting that Abe Usher has created an application that allows an iPod to scan corporate networks for files likely to contain sensitive business data and download them, potentially stealing 100 megabytes in a few minutes. An insider threat would only need to plug the iPod into a computer's USB port."
Then a friend went to his local bank branch to get a personal loan. His salary records were all on his USB memory device (he works for an ISP who really try to avoid paper if they can) and he was allowed to plug his memory card in to the loan officer's PC and run Acrobat to show her the documents.
Yep, on a bank PC, inside the firewall, with a USB stick of completely unknown provenance.
I bet their IT security guys would've had a fit, if they'd known!
Most USB keys max out at 1GB. However, if you want to steal more than 1GB at a time, a 60GB iPod is the way to go.
One video game company that I worked for banned all portable storage devices since they didn't want any files appearing on the internet. The smallest file was 4MB for Gameboy Advance titles and the largest was 4.5GB for PS2/XBox titles. I had to get special permission for my 32MB flash card since I was using that to store homework files for the programming classes I was taking at the time. Since half of the projects that I did were for the Gameboy Advance, I was always under suspicion that I might steal a file.
Which totally defeats the point of banning USB keys/external HDDs/iPods. I mean it is brain-dead easy to copy files on to a Palm or PocketPC, and with a CF or SD card (I believe they are up to the 2 or 4 GB range nowadays) you could get a ton of stuff out of work. Hell, you could even hide the card in your shoe or something afterwards if you weren't allowed to take your PDA home or something. And even without their USB ports, there's Bluetooth (for some phones/PDAs and a few computers). There is no way that a company can absolutely prevent someone from taking home files that they have access to, unless they're like the CIA/NSA or something (and haven't there been a few cases of people getting computer files out of those places?). There are too many ways to get the data out, and too many ways to get around security.
Every time you post an article on Slashdot, I kill a server. Think of the servers!
Why in the hell do people do shit like this and PUBLICIZE it? All it does is give geeks a bad name and make a 'threat' out of anyone who carries an iPod or other digital music player.
I'm all for the freedom to write software like this but shit, you have to be smart about it.