Fatma Bazargan’s blog


Podslurping
February 2, 2009, 9:21 am
Filed under: Security
Podslurping

Podslurping

As my high interest to read about what’s new with everything related to the autorun.inf, I stumbled today upon something called as Podslurping which is titled as the new endpoint security threat (Data Theft): where access is gained while the computer is rendered unattended.

 

As per the Wikipedia, Podslurping is the act of using a portable data storage device such as an iPod, USB, etc. to illicitly download large quantities of confidential data by directly plugging it into a computer where the data is held.

 

Why is Podslurping becoming an endpoint security threat? Because you don’t need to login to the computer in order to copy confidential data! All you need is as USB Hacks mentioned a few lines of .bat file (batch file) and a reasonable copy program and you are good to go. (Plug it in and then come after an hour to fetch it out!)

 

Now, do you recall one of the solutions I talked about previously in one of my blog entries on how to disable the Autorun feature via the registry? Exactly that solution can impede against Podslurping. Do test it in your labs. 

 

Interesting Reads:

http://www.pik-potsdam.de/members/gibietz/security-management/protecting-windows-computers-against-attacks-that-are-based-on-usb-sticks

 

http://nick.brown.free.fr/blog/2007/10/memory-stick-worms.html

 

Enjoy!

FB.

Advertisements

Leave a Comment so far
Leave a comment



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s



%d bloggers like this: