Beware the iPod 'slurping' Employee
Zoner12 writes "CNet is reporting that Abe Usher has created an application that allows an iPod to scan corporate networks for files likely to contain sensitive business data and download them, potentially stealing 100 megabytes in a few minutes. An insider threat would only need to plug the iPod into a computer's USB port."
Less-than-competent physical security (Score:3, Informative)
There's nothing you could do with the iPod that you couldn't do with your normal computer and any random external hard drive [...] What's the big deal that an iPod can do it?
Because an iPod is a hard drive disguised as a music player, which may help you get past less-than-competent physical security in ways that you couldn't with a pure hard drive.
Locked Down USB Ports! (Score:5, Informative)
That means that USB keys, iPods, plug-in hard drives and so on not only fail to work here, but they generate a little message to the IT department.
Some users, like our media guys, need this access for their work (in this case, digital camera images), and they have an exemption.
This lockdown removes the possibility for portable storage device-based data copying.
Of course, I can always stay late, take the PC apart, remove the hard drive, take it home and copy it, come in early the next day and re-install it. But that's just naughty.
My point is that IT security policies can easily stop this sort of issue, and most large companies are already doing this.
Re:Why not block the USB port? (Score:2, Informative)
More significantly though, this kind of thing really makes a case for Microsoft's Rights Management Services technology... even if you were able to copy the physical documents onto an iPod, they'd be completely useless to you outside the organization because they're encrypted, and only by talking to the RMS server (located internally) can they be unlocked.
His server's almost dead (Score:3, Informative)
^- The Coralized version of the software.
Re:Potential threat through USB/Firewire (Score:3, Informative)
I'm pretty sure the functionality you describe is only available to Firewire devices, not USB devices, because only Firewire devices can initiate peer-to-peer DMA transfers.
I am, however, waiting for auto-0wning Firewire dongles to turn up on the underground/import market...
Re:I don't get it. (Score:3, Informative)
In other words it's nothing very exciting (although this is a "limited" version of the program, there's no mention of what more the complete version does). The main point is that the iPod looks more innocuous than a plain external disk as everyone has pointed out.
Maybe if some kind of "autorun" file was added, it would be easier to use with a locked keyboard. But then I'm not very familiar with Windows. OTOH I suppose you can add limitations to disable the autorun function and/or disable the running of binaries from external volumes. And of course USB ports are frequently disabled nowadays.
I too was disappointed to see that it wasn't the iPod running the program as I was curious to see how it would talk to the PC.
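The USB port lockdown and the autorun restriction raised in the comments above can be verified across a fleet from exported registry values. This is an added example, not code from the article or from any commenter; it assumes the lockdown uses the standard Windows USBSTOR service setting or the removable-storage deny policy, and the host names, exemption list and snapshot format are constructed.

```python
# Added example: audit exported registry values for the USB-storage and
# autorun lockdowns discussed in the thread. All sample data is constructed.

USBSTOR_START = r"HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR\Start"
DENY_ALL = r"HKLM\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\Deny_All"
NO_AUTORUN = (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion"
              r"\Policies\Explorer\NoDriveTypeAutoRun")

SERVICE_DISABLED = 4        # service Start value 4 = driver disabled
DRIVE_REMOVABLE_BIT = 0x04  # NoDriveTypeAutoRun bit covering removable drives


def audit_host(values, exempt=False):
    """Return a list of findings for one host's registry snapshot."""
    findings = []
    storage_blocked = (values.get(USBSTOR_START) == SERVICE_DISABLED
                       or values.get(DENY_ALL) == 1)
    # Exempt hosts (e.g. staff who need camera storage) may keep USB storage.
    if not storage_blocked and not exempt:
        findings.append("usb-storage-allowed")
    # Assumption: a missing value means no policy is enforced, so flag it.
    # An exemption for storage never excuses autorun on removable media.
    if not values.get(NO_AUTORUN, 0) & DRIVE_REMOVABLE_BIT:
        findings.append("autorun-on-removable")
    return findings


def audit_fleet(fleet, exempt_hosts):
    """Map host name -> findings, listing only hosts that have findings."""
    report = {}
    for host, values in sorted(fleet.items()):
        findings = audit_host(values, exempt=host in exempt_hosts)
        if findings:
            report[host] = findings
    return report


FLEET = {  # constructed snapshots, one dict of registry values per host
    "ws-finance-01": {USBSTOR_START: 4, NO_AUTORUN: 0xFF},
    "ws-sales-07": {USBSTOR_START: 3, NO_AUTORUN: 0x91},
    "ws-media-02": {USBSTOR_START: 3, NO_AUTORUN: 0xFF},
    "ws-hr-03": {DENY_ALL: 1},
}
EXEMPT = {"ws-media-02"}  # constructed exemption list

if __name__ == "__main__":
    for host, findings in audit_fleet(FLEET, EXEMPT).items():
        print(host, ", ".join(findings))
```

The value 0x91 on the sales host leaves the removable-drive bit clear, so autorun from a plugged-in device is still flagged there even though other drive types are covered.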
Re:Business data? (Score:3, Informative)
You can also have it inventory file types. What this guy did was inventory audio and video files; then you run a query against the information gathered. And as the grand-parent said, *pow!* instant media library.
Our org uses Altiris. There's a default check box to see how many times someone ran solitaire.exe, for instance.... Fun stuff.