| |||||||||||||
Attack of the killer iPodsAttack of the killer iPodsPosted Jun 23, 2005 10:12 UTC (Thu) by pilif (guest, #3857)Parent article: Attack of the killer iPods
Hi,
what I don't get is: To get that slurp.exe to work - in fact to execute any program on a computer - you have to be authorized.
So that disguised janitor may well come into the building and plug that iPod, but he will not be able to copy over any data - as he cannot login and thus cannot start that program.
The exception of course are publically accessable machines, but those should not have any sensitive data on them - and neither should they have access to them via network.
So the only way to really get to those documents is by hardware-modification (ie. take out the harddrive and hope data's on it and not only on servers), but this works as well with an ipod as without.
What do I overlook?
Philip
(Log in to post comments)
Attack of the killer iPods Posted Jun 23, 2005 10:56 UTC (Thu) by NAR (subscriber, #1313) [Link] What do I overlook?The possibility of rebooting the computer with a Live CD. The the janitor can bypass every security measure that is set up by the running operating system: password-protected screensavers, etc. However, if the data disk is encrypted, the janitor won't be able to access the data on it. As more and more companies replace their desktop systems to laptop, the encryption gets installed by default anyway.
Attack of the killer iPods Posted Jun 23, 2005 14:58 UTC (Thu) by Ross (subscriber, #4065) [Link] Or if you have a BIOS password...
RE: Attack of the killer iPods Posted Jun 28, 2005 14:49 UTC (Tue) by dvlmsd (guest, #932) [Link] I *believe* the attack works as follows:
In windows there an "autorun" feature. If a CDROM or (USB) device has a "autorun.inf" file specifing an executale, that exec will be run, whether your logged in or not, when the disk/device is mounted. In this case the executable simply searches the disk for word files and copies them to the device.
|
|||||||||||||