reconsidering physical security: pod slurping

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: reconsidering physical security: pod slurping
From: Abe Usher <abe.usher@xxxxxxxxxxxxxxx>
Date: Sun, 12 Jun 2005 23:34:11 -0400
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)

pod slurping
------------

I've written a report that explores an idea that has been known by thesecurity community for decades: physical security is important toinformation system security.

A year ago a report was published by the Gartner Group warning thatiPods <http://www.apple.com/ipod/> (and other multi-gigabyte portablestorage devices) pose a security risk for enterprises<http://www.infoworld.com/article/04/07/06/HNipodsrisk_1.html>. I'vecreated an application (*slurp.exe*) that demonstrates this concept.When the program is run from an iPod, it can __very__quickly__ copythousands of interesting files* from a PC to an iPod.


The full article and proof-of-concept application are available at:
http://www.sharp-ideas.net

Cheers,
Abe Usher, CISSP

* Office documents, *.pdf,*.xml, *.dbf, *.log, *.dat, *.txt, *.csv,*.htm, *.url, et cetera

Prev by Date: [OpenPKG-SA-2005.009] OpenPKG Security Advisory (gzip)
Next by Date: TSL-2005-0028 - multi
Previous by thread: [OpenPKG-SA-2005.009] OpenPKG Security Advisory (gzip)
Next by thread: TSL-2005-0028 - multi
Index(es):
- Date
- Thread