Close

Results 1 to 5 of 5
  1. #1
    DF VIP Member
    unclex's Avatar
    Join Date
    Nov 2000
    Location
    MARS
    Posts
    2,070
    Thanks
    18
    Thanked:        38
    Karma Level
    401

    Default Beware the 'pod slurping' employee

    Beware the 'pod slurping' employee
    By Will Sturgeon
    Special to CNET News.com
    Published: February 15, 2006, 10:29 AM PST
    Tell us what you think about this storyTalkBack E-mail this story to a friendE-mail View this story formatted for printingPrint

    A U.S. security expert who devised an application that can fill an iPod with business-critical data in a matter of minutes is urging companies to address the very real threat of data theft.

    Abe Usher, a 10-year veteran of the security industry, created an application that runs on an iPod and can search corporate networks for files likely to contain business-critical data. At a rate of about 100MB every couple minutes, it can scan and download the files onto the portable storage units in a process dubbed "pod slurping."

    To the naked eye, somebody doing this would look like any other employee listening to their iPod at their desk. Alternatively, the person stealing data need not even have access to a keyboard but can simply plug into a USB port on any active machine.

    Usher denies that his creation is an irresponsible call to arms for malicious employees and would-be data thieves, and instead insists that his scare tactics are intended to stir companies into action to protect themselves against the threat.

    "This is a growing area of concern, and there's not a lot of awareness about it," he said. "And yet in 2 minutes, it's possible to extract about 100MB of Word, Excel, PDF files--basically anything which might contain business data--and with a 60GB iPod, you could probably have every business document in a medium-size firm."
    In other news:

    * Software pioneer Bricklin tackles wikis
    * Rock's living history, streamed online
    * RSA: Taking a bite out of cybercrime
    * 'Dodos' film pecks holes in evolution debate
    * Sign up for News.com's Morning Dispatch and other newsletters, click here.

    Andy Burton, CEO of device management firm Centennial Software, said Usher walks a fine line but believes that he is acting with the best intentions and agrees that companies that still haven't recognized the threat need to be given a wake-up call.

    "Nobody wakes up in the morning worrying about antivirus or their firewall because we all know we need those things, and we all have them in place," Burton said. "Now the greatest threat is very much inside the organization, but I'm not sure there are that many businesses (that) have realized it's possible to plug in an iPod and just walk away with the whole business in a matter of minutes."

    Usher said companies shouldn't expect any help from their operating system, the most popular of which lacks the granularity to manage this threat effectively without impairing other functions.

    "(Microsoft Windows) Vista looks like it's going to include some capability for better managing USB devices, but with the time it's going to take to test it and roll it out, we're probably two years away from seeing a Microsoft operating system with the functionality built in," Usher said. "So companies have to ask themselves, 'Can we really wait two years?'"

    Citing FBI figures that put the average cost of data theft at $350,000, Usher argues that they can't.

    "The cost of being proactive is less than the cost of reacting to an incident," Usher said.

    http://h**p://news.com.com/Beware+th...3-6039926.html
    Last edited by unclex; 20th February 2006 at 03:05 PM.
    Have Fun.





    U.N.C.L.E. X

    More UNCLEX than last week but less next :woot:

  2. #2
    DF VIP Member
    unclex's Avatar
    Join Date
    Nov 2000
    Location
    MARS
    Posts
    2,070
    Thanks
    18
    Thanked:        38
    Karma Level
    401

    Default Re: Beware the 'pod slurping' employee

    h**p://www.sharp-ideas.net/downloads.php


    Download here

    h**p://***.sharp-ideas.net/download/slurp.zip
    Last edited by unclex; 20th February 2006 at 03:06 PM.
    Have Fun.





    U.N.C.L.E. X

    More UNCLEX than last week but less next :woot:

  3. #3
    DF VIP Member
    unclex's Avatar
    Join Date
    Nov 2000
    Location
    MARS
    Posts
    2,070
    Thanks
    18
    Thanked:        38
    Karma Level
    401

    Default Re: Beware the 'pod slurping' employee

    Pod slurping

    Executive Summary This brief article explores an idea that has been known by the security community for decades: physical security is important to information system security. A year ago a report was published by the Gartner Group warning that iPods (and other multi-gigabyte portable storage devices) pose a security risk for enterprises.
    I've created an application (slurp.exe) that demonstrates this concept. When the program is run from an iPod, it can very quickly copy data files off of a PC and on to an iPod. If you'd like to try slurp.exe for yourself, there is a reduced functionality version* available in the download section and some instructions on the howto page.


    Background: the importance of information
    In historical periods of the past the precious commodities used for trade included food, land, oil, and gold. The currency of the information age is the bit.** Of course a single bit of information may have no implicit value by itself. However, a collection of bits combined together forms a byte (8 bits), and bytes are the building block for all digital information that is stored, transmitted, and processed.

    Information economies such as the United States gain competitive advantage in the global marketplace through their methods of creating, analyzing, and distributing information. Organizations that fail to protect their information resources do so at great peril. (An organization without a security plan isn't worth two bits!)
    Digital music players: portable information storage
    iPods and other portable storage devices are gaining popularity within the United States. More than 15 million iPods have been sold since Apple introduced its hip line of portable music players. According to the Apple Web site: "the original iPod remains the archetypical digital music player for Mac and PC. " The iPod and similar devices are essentially small hard-drives that can play music. Why focus on the iPod? (1) It has tons (30 Gigabytes) of storage space and (2) I have one and absolutely love it.

    Case study: Pod slurping
    The scenario
    An unauthorized visitor shows up after work hours disguised as a janitor and carrying an iPod (or similar portable storage device). He walks from computer to computer and "slurps" up all of the Microsoft Office files from each system. Within an hour he has acquired 20,000 files from over a dozen workstations. He returns home and uploads the files from his iPod to his PC. Using his handy desktop search program, he quickly finds the proprietary information that he was looking for.***

    Sound far fetched?

    An experiment
    I conducted an experiment to quantify approximately how long it takes to copy files from a PC to a removable storage device (iPod, thumbdrive, et cetera) if you have physical access. The quick answer: not very long.

    I wrote a quick python application (slurp) to help automate the file copy process. Slurp searches for the "Cocuments and Settings" directory on local hard drives, recurses through all of the subdirectories, and copies all document files.

    Using slurp.exe on my iPod, it took me 65 seconds to copy all document files (*.doc, *.xls, *.htm, *.url, *.xml, *.txt, etc.) off of my computer as a logged in user. Without a username and password I was able to use a boot CDROM to bypass the login password and copy the document files from my hard drive to my iPod in about 3 minutes 15 seconds.

    Countermeasures to portable storage devices
    Security professionals that want to reduce risk of data theft by physical security breach have two general categories of options: policy based countermeasures and technology based countermeasures.

    Policy based:
    *Restrict removable storage devices in the workplace.
    *Enforce strong physical security that prevents intruders from gaining access to information systems.

    Technology based:
    *Disable USB connections in system BIOS
    * Use third party software to protect against unauthorized data disclosure
    * Use encryption (such as Microsoft's encrypted file system) to maintain data confidentiality
    * Keep corporate data on protected network shares rather than individual desktops.

    Conclusion
    Digital music players are great for playing music; however, they can also be used for other purposes. As widespread adoption of portable storage devices (iPods, thumbdrives, pendrives, et cetera) continues, organizations must have specific plans for protecting their digital assets.


    * DO NOT use this application for nefarious purposes. Slurp.exe is my attempt to take the abstract notion that physical security is important and demonstrate it in a concrete manner. The version of slurplite.exe that is on this Web site is "crippleware" - it only works when a user is actively logged on to a computer and does not copy files, but rather creates a report of how many files it found and how long it would take to copy them.

    ** An old joke among computer scientists: there are 10 types of people in the world; those that understand binary math and those that do not.

    *** Desktop search
    In the past year several companies have produced free and low cost "desktop search" utilities to help users sift through large quantities of files. dtSearch, Google desktop search, copernic search, Yahoo search are just a few of an expanding class of Windows file search utilities.

    **** The Register had an interesting story on a similar topic a while ago.
    Have Fun.





    U.N.C.L.E. X

    More UNCLEX than last week but less next :woot:

  4. #4
    DF VIP Member
    unclex's Avatar
    Join Date
    Nov 2000
    Location
    MARS
    Posts
    2,070
    Thanks
    18
    Thanked:        38
    Karma Level
    401

    Default Re: Beware the 'pod slurping' employee

    Pod slurping howto

    slurp version 2.0 (slurp lite)
    by Abe Usher

    Purpose:
    To create a proof-of-concept application that copies office documents from a Windows computer to an iPod (or other removable storage device). The point of this exercise is to demonstrate (quantitatively) how quickly data theft can occur with removable storage devices.

    Method:
    I wrote a short application that searches for the "Cocuments and Settings" directory on a Windows computer. It then recurses through all of the subdirectories, copying all of the documents (*.doc, *.xls, *.htm, *.url, *.pdf, etc.) to the directory that it is running from.


    FAQ:
    (1) How do I get this thing up and running?

    Step 0
    Stop the iPod Service in Windows (if iPod software is installed and running).

    Step 1
    Unzip slurplite.zip

    Step 2
    Copy the entire "slurp" directory to your removable storage device (iPod, external hard drive, etc.)

    Step 3
    Run the application file "slurplite.exe" and watch it copy files.


    (2) My copy of slurplite.exe doesn't work. What happened?
    What did you do?! Just kidding. You probably didn't unzip the library files that come with slurp. Slurp needs all of these files in the same directory that it runs from or it won't work.

    (3) I want to run slurp on a linux computer. What do I do?

    Write your own application. Slurp.exe is windows only at this point.
    Last edited by unclex; 20th February 2006 at 03:06 PM.
    Have Fun.





    U.N.C.L.E. X

    More UNCLEX than last week but less next :woot:

  5. #5
    DF VIP Member
    unclex's Avatar
    Join Date
    Nov 2000
    Location
    MARS
    Posts
    2,070
    Thanks
    18
    Thanked:        38
    Karma Level
    401

    Default Re: Beware the 'pod slurping' employee

    the download is now working
    Last edited by unclex; 23rd February 2006 at 01:37 AM.
    Have Fun.





    U.N.C.L.E. X

    More UNCLEX than last week but less next :woot:

Similar Threads

  1. Beware Penta1.12 & 1.14 for MM
    By knee doc in forum Digital Satellite TV
    Replies: 0
    Last Post: 17th March 2003, 04:20 PM
  2. Online Pirates Beware
    By crack_it in forum The Dog and Duck
    Replies: 10
    Last Post: 24th January 2003, 05:44 PM
  3. cracking crews beware
    By TECK CMP in forum PC Software
    Replies: 4
    Last Post: 16th October 2002, 07:14 PM

Social Networking Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •