Pod slurping
Pod slurping is the act of using a portable data storage device such as an iPod digital audio player to illicitly download large quantities of confidential data by directly plugging it into a computer where the data are held, and which may be on the inside of a firewall. The phrase "pod slurping" was introduced by Abe Usher. It pertains to a malicious program embedded in a USB storage device, which activates automatically upon being connected to a host.[1] There has been some work in the development of fixes to the problem, including a number of third-party security products that allow companies to set security policies related to USB device use, and features within operating systems that allow IT administrators or users to disable the USB port altogether. Unix-based or Unix-like systems can easily prevent users from mounting storage devices, and Microsoft has released instructions for preventing users from installing USB mass storage devices on its operating systems.[2] Additional measures include physical obstruction of the USB ports, with measures ranging from the simple filling of ports with epoxy resin to commercial solutions which deposit a lockable plug into the port.[3] See alsoReferences
External linksThe following external links act as an indirect mechanism of further learning on this topic (e.g., detailed descriptions, examples, and implementations).
|