None of this is really all that new. It started with
diskettes, and has moved on to USB removeable storage,
digital cameras, iPods, etc. The issue remains the
same, regardless of the actual storage device.
--- Abe Usher <abe.usher@sharp-ideas.net> wrote:
pod slurping
------------
I've written a report that explores an idea that has
been known by the
security community for decades: physical security is
important to
information system security.
A year ago a report was published by the Gartner
Group warning that
iPods <http://www.apple.com/ipod/> (and other
multi-gigabyte portable
storage devices) pose a security risk for
enterprises
<http://www.infoworld.com/article/04/07/06/HNipodsrisk_1.html>.
I've
created an application (*slurp.exe*) that
demonstrates this concept.
When the program is run from an iPod, it can
__very__quickly__ copy
thousands of interesting files* from a PC to an
iPod.
The full article and proof-of-concept application
are available at:
http://www.sharp-ideas.net
Cheers,
Abe Usher, CISSP
* Office documents, *.pdf,*.xml, *.dbf, *.log,
*.dat, *.txt, *.csv,
*.htm, *.url, et cetera
---------------------------------------------------------------------------
---------------------------------------------------------------------------
------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com
------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
