Slashdot Mirror

← Back to Stories (view on slashdot.org)

Beware the iPod 'slurping' Employee

Posted by ryuzaki0 on from the someone-out-there-is-going-to-outlaw-ipods-now dept.

Zoner12 writes "CNet is reporting that Abe Usher has created an application that allows an iPod to scan corporate networks for files likely to contain sensitive business data and download them, potentially stealing 100 megabytes in a few minutes. An insider threat would only need to plug the iPod into a computer's USB port."

2 of 390 comments (clear)

  1. Physical access by ian_mackereth · · Score: 5, Interesting
    At one time, I'd've pointed out the difficulty of getting unauthorised physical access to a PC's USB port in any sort of secured environment.

    Then a friend went to his local bank branch to get a personal loan. His salary records were all on his USB memory device (he works for an ISP who really try to avoid paper if they can)and he was allowed to plug his mempory card in to the loan officer's PC and run Acrobat to show her the documents.

    Yep, on a bank PC, inside the firewall, with a USB stick of completely unkown provenance.

    I bet their IT security guys would've had a fit, if they'd known!

    1. Re:Physical access by Anonymous Coward · · Score: 5, Interesting

      As an IT guy in a bank, I have to say that if you thought that banks somehow had better security than the grocery store across the street, you were merely fooling yourself.

      Fact 1: for the system to work, people have have to have access to the core financial applications.
      Fact 2: people are stupid.
      Fact 3: much (most?) hacking involves social hacking as opposed to trying to "break in" to a financial institution.

      Connect the dots.

      'Course, there is no way you could get anywhere trying to break into our organization through the front door, but sadly, a low-tech backdoor approach like this would probably work great.