iPod poses a security risk (including how-to)

[Alexander Turcic]

Security consultant Abe Usher explores the idea how Apples iPod can pose a major security risk for enterprises. He wrote a small python tool, slurp.exe, that when it is run from an iPod, can very quickly copy data files off of a PC and on to an iPod.

Quote:

Slurp searches for the "C:\Documents and Settings\" directory on local hard drives, recurses through all of the subdirectories, and copies all document files. Using slurp.exe on my iPod, it took me 65 seconds to copy all document files (*.doc, *.xls, *.htm, *.url, *.xml, *.txt, etc.) off of my computer as a logged in user. Without a username and password I was able to use a boot CDROM to bypass the login password and copy the document files from my hard drive to my iPod in about 3 minutes 15 seconds.

[via The Inquirer]

[Chaos]

I saw this a while ago (Slashdot maybe?), and there were several suggestions...

First, just don't allow music players of any sort. This could annoy employees, unfortunately. But if the need for security is so great, then this is the best way.

Second, just disable the ability to connect these devices. This could be done through, probably, either computer settings (on a Unix variant this would be relatively easy, although I don't know about Windows), or just physical security. If an employee cannot reach/access the USB or firewire ports, they can't connect anything to them. This might be harder to do, depending on whether the user needs to be able to access, say, the CD-ROM drive or anything else on the computer, or not.

While it's certainly a concern, there are some ways to deal with it.