Bryan Singer, Chair of SP99, and a SCADA and process security expert in his day job, posted the following on the SCADA email discussion list yesterday:
Beware of the enemy at the watercooler…(hopefully this isn’t a repeat)
Article Text (excerpt)
Beware the ‘pod slurping’ employee
A U.S. security expert who devised an application that can fill an iPod with business-critical data in a matter of minutes is urging companies to address the very real threat of data theft.
Abe Usher, a 10-year veteran of the security industry, created an application that runs on an iPod and can search corporate networks for files likely to contain business-critical data. At a rate of about 100MB every couple minutes, it can scan and download the files onto the portable storage units in a process dubbed “pod slurping.”
To the naked eye, somebody doing this would look like any other employee listening to their iPod at their desk. Alternatively, the person stealing data need not even have access to a keyboard but can simply plug into a USB port on any active machine.
. . .
Some other interesting USB hacks include the Switchblade and Hacksaw featured at hak5.org….taking advantage of U3 technology that allows USB thumb drives to be mounted as CD-ROM’s