Oh no, not an iPod! (redux)

By
EKR
on June 22, 2005 7:55 PM | Comments (1) | TrackBacks (9) |
Today's TechWeb News has an article about the dire threat that iPods pose to enterprise security. The latest round handwringing was set off by Abe Usher's demonstration of a program that would copy all the document files on a hard drive into your iPod. Now, we've known that this was possible for years and writing a program like this is incredibly trivial (it's a one-liner on UNIX). Usher's primary contribution appears to have been to give this attack a cool-sounding name: "pod slurping".

It's not clear why Usher decided to focus on the iPod, since the same attack is possible with USB memory sticks, which are now so small they can fit easily in your wallet. Anyway, As I observed the last time this came up, stopping people who have physical access to your machines from stealing your confidential information is basically impossible--unless you're willing to strip search them on the way in and out. And this has been true pretty much ever since the invention of compact removable media--even a 5.25" floppy can carry plenty of confidential stuff. The take home is simple. If you don't trust people, don't let them near your computers, or any other confidential stuff for that matter.

9 TrackBacks

Listed below are links to blogs that reference this entry: Oh no, not an iPod! (redux).

TrackBack URL for this entry: http://www.educatedguesswork.org/cgi-bin/mt/mt-tb.cgi/311

real estate listings for hilton head, sc from dadula.slife.com on July 25, 2005 6:52 PM

real estate software real estate listings for hilton head, sc real estate memphis real estate note buyers mls listings of real estate in florida raleigh nc real estate real estate listings colorado real estate note buyers germantown real estate santa c... Read More

las vegas realtor from las vegas realtor on August 28, 2005 8:02 PM

las vegas realtor Read More

raleigh airfare from raleigh airfare on September 7, 2005 9:01 AM

raleigh airfare Read More

real estate appraisal from real estate appraisal on October 8, 2005 2:28 AM

real estate appraisal Read More

Free manga hardcore vids index from Forum of sexy women pics on December 9, 2005 10:13 PM

Teenager xxx illegal sex Nigger sex free pic Pics girls I fucked the wifes sister stories Read More

Free Ringtones from Free Ringtones on January 19, 2006 4:48 PM

Free Ringtones Read More

3 card poker from 3 card poker on January 21, 2006 9:04 AM

adjured standard hoes stomaches Swedish Tracy!texas hold em http://www.birchfieldharriers.org/ sales!scribbles poker http://poker.dedicated-poker.com/ Read More

1 Comments

By Adam Shostack on June 23, 2005 8:11 AM

I'm not sure about Usher, but both Maynor and Dornsief used ipods because they can actively attack the system, and run attack code on the ipod.

You plug in the ipod, you get direct access to host RAM. You plug in a USB stick, at best, the mounter will execute some code in autorun.inf.

Leave a comment

January 2010

S M T W T F S
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31            

Search

Categories

Powered by Movable Type 4.23-en