[ISN] Warning on iPod threat

InfoSec News isn at c4i.org
Thu Apr 7 02:15:30 EDT 2005


[I wonder if this CEO has been reading old copies of InfoSec News
from about '02 - http://seclists.org/lists/isn/2002/Mar/0002.html - WK]

Iain Thomson
06 April 2005

Portable media players like the iPod pose a significant security risk 
according to figures from software auditors Centennial Software.

Nearly nine out of ten of the 220 IT managers questioned took no 
action to prevent such devices coming into the workplace even though 
over half of them recognised storage devices like the iPod as a 

"External security risks are well documented, but firms must now 
consider internal threats, which are potentially even more damaging," 
said Andy Burton, chief executive of Centennial Software.

"Deliberate or accidental, the damage caused by the misuse of 
removable media devices can be disastrous. Employees can seriously 
endanger the company by taking sensitive information off-site, 
introducing viruses, or simply creating a build up of unwanted files 
on the network."

The survey found that many IT managers were ignoring the issue, with 
over a third saying they did not view the devices as a threat.

Portable devices like the iPod can be used to store a whole variety of 
data, including documents and spreadsheets. The average 
word-processing file is between 25k and 30k, meaning that a 20GB 
player could hold more than 750,000 documents.

More information about the ISN mailing list