[ISN] Warning on iPod threat
isn at c4i.org
Fri Apr 8 01:57:43 EDT 2005
Forwarded from: Richard Forno <rforno at infowarrior.org>
Same thing a (researcher but who had no security background) clown
from Gartner in the UK said a few months ago. Perhaps Apple's new
motto should be "ph34r the 1p0d" or something. Watch their sales
rocket if they do. :)
To counter such "threats" means that either employees need to show up
to work naked and sans ANY items (keys, keychains, lunchbags, purses,
wallets, etc.) or companies will have to quit using computers.
Neither scenario is feasible. Of course, any company TRULY concerned
about their data protection would want to eliminate the use of CDs,
DVDs, printers, faxes, modems, and their internet connection, too.
Yeah, I see that happening, too.
> The survey found that many IT managers were ignoring the issue, with
> over a third saying they did not view the devices as a threat.
Granted, the potential for such data leaks is a valid one, but perhaps
the IT managers surveyed know more about what they view as a "threat"
to their information than a third party like Centennial?
I take such reports with a very large grain of salt.
On 4/7/05 2:15 AM, "InfoSec News" <isn at c4i.org> wrote:
> [I wonder if this CEO has been reading old copies of InfoSec News
> from about '02 - http://seclists.org/lists/isn/2002/Mar/0002.html - WK]
> Iain Thomson
> 06 April 2005
> Portable media players like the iPod pose a significant security
> risk according to figures from software auditors Centennial
> Nearly nine out of ten of the 220 IT managers questioned took no
> action to prevent such devices coming into the workplace even though
> over half of them recognised storage devices like the iPod as a
> "External security risks are well documented, but firms must now
> consider internal threats, which are potentially even more
> damaging," said Andy Burton, chief executive of Centennial Software.
> "Deliberate or accidental, the damage caused by the misuse of
> removable media devices can be disastrous. Employees can seriously
> endanger the company by taking sensitive information off-site,
> introducing viruses, or simply creating a build up of unwanted files
> on the network."
More information about the ISN