[ISN] reconsidering physical security: pod slurping

InfoSec News isn at c4i.org
Tue Jun 14 12:47:08 EDT 2005

Forwarded from: Abe Usher <abe.usher at sharp-ideas.net>

pod slurping

I've written a report that explores an idea that has been known by the
security community for decades: physical security is important to
information system security.

A year ago a report was published by the Gartner Group warning that
iPods <http://www.apple.com/ipod/> (and other multi-gigabyte portable
storage devices) pose a security risk for enterprises
<http://www.infoworld.com/article/04/07/06/HNipodsrisk_1.html>. I've
created an application (*slurp.exe*) that demonstrates this concept.  
When the program is run from an iPod, it can __very__quickly__ copy
thousands of interesting files* from a PC to an iPod.

The full article and proof-of-concept application are available at:

Abe Usher, CISSP

* Office documents, *.pdf,*.xml, *.dbf, *.log, *.dat, *.txt, *.csv, 
*.htm, *.url, et cetera

More information about the ISN mailing list