Slashdot Mirror

← Back to Stories (view on slashdot.org)

Beware the iPod 'slurping' Employee

Posted by ryuzaki0 on from the someone-out-there-is-going-to-outlaw-ipods-now dept.

Zoner12 writes "CNet is reporting that Abe Usher has created an application that allows an iPod to scan corporate networks for files likely to contain sensitive business data and download them, potentially stealing 100 megabytes in a few minutes. An insider threat would only need to plug the iPod into a computer's USB port."

3 of 390 comments (clear)

  1. Physical access by ian_mackereth · · Score: 5, Interesting
    At one time, I'd've pointed out the difficulty of getting unauthorised physical access to a PC's USB port in any sort of secured environment.

    Then a friend went to his local bank branch to get a personal loan. His salary records were all on his USB memory device (he works for an ISP who really try to avoid paper if they can)and he was allowed to plug his mempory card in to the loan officer's PC and run Acrobat to show her the documents.

    Yep, on a bank PC, inside the firewall, with a USB stick of completely unkown provenance.

    I bet their IT security guys would've had a fit, if they'd known!

    1. Re:Physical access by Anonymous Coward · · Score: 5, Interesting

      As an IT guy in a bank, I have to say that if you thought that banks somehow had better security than the grocery store across the street, you were merely fooling yourself.

      Fact 1: for the system to work, people have have to have access to the core financial applications.
      Fact 2: people are stupid.
      Fact 3: much (most?) hacking involves social hacking as opposed to trying to "break in" to a financial institution.

      Connect the dots.

      'Course, there is no way you could get anywhere trying to break into our organization through the front door, but sadly, a low-tech backdoor approach like this would probably work great.

  2. Re:So what's the difference... by __aaclcg7560 · · Score: 4, Interesting

    Most USB keys max out at 1GB. However, if you want to steal more than 1GB at time, a 60GB iPod is the way to go.

    One video game company that I worked for banned all portable storage devices since they didn't want any files appearing on the internet. The smallest file was 4MB for Gameboy Advance titles and the largest was 4.5GB PS2/XBox titles. I had to get special permission for my 32MB flash card since I was using that to store homework files for the programming classes I was taking at the time. Since half of the projects that I did was for the Gameboy Advance, I was always under suspicion that I might steal a file.