Forwarded from: William Knowles <wkat_private>

[Just as Furbys were banned from the NSA, and security managers are wondering how to treat palmtops from wandering off with a few MBs of sensitive data, now Apple iPods will be the next security threat to be writing policy on and banning from the office. - WK]

http://www.wired.com/news/mac/0,2125,50688,00.html

By Leander Kahney
2:00 a.m. Feb. 28, 2002 PST

When Apple introduced the iPod, the company was aware that people might use it to rip off music from the Net or friends' machines. Each new iPod, in fact, is emblazoned with a sticker that warns, "Don't Steal Music."

But it is unlikely that Apple imagined people would walk into computer stores, plug their iPod into display computers and use it to copy software off the hard drives.

This is exactly the scenario recently witnessed by Kevin Webb at a Dallas CompUSA store.

Webb, a computer consultant from Dallas, was browsing his local CompUSA when he saw a young man walk toward him listening to an iPod. Webb recognized the iPod's distinctive ear buds.

The teenager stopped at a nearby display Macintosh, pulled the iPod from his pocket and plugged it into the machine with a FireWire cable. Intrigued, Webb peeped over the kid's shoulder to see him copying Microsoft's new Office for OS X suite, which retails for $500.

When the iPod is plugged into a Macintosh, its icon automatically pops up on the desktop. To copy software, all the kid had to do was drag and drop files onto the iPod's icon. Office for MacOS X is about 200 MB; it copies to the iPod's hard drive in less than a minute.

"Watching him, it dawned on me that this was something that was very easy to do," Webb said. "In the Mac world it's pretty easy to plug in and copy things. It's a lot easier than stealing the box."

Webb watched the teenager copy a couple of other applications. He left the kid to find a CompUSA employee.

"I went over and told a CompUSA guy, but he looked at me like I was clueless," Webb said.
Unsure whether the kid was a thief or an out-of-uniform employee, Webb watched as he left the store.

"I thought there's no point in getting any more involved in this imbroglio," Webb said. "Besides, this is Texas. You never know what he might have been carrying."

CompUSA representatives didn't respond to requests for comment. Neither did Apple officials.

The iPod is perfect for virtual shoplifting. It is designed as a digital music player, but its roomy 5-GB hard drive can be used as portable storage for all kinds of files, even the Macintosh operating system. In fact, it can operate as an external drive, booting up a machine and running applications.

The iPod's FireWire interface -- one of its most important but undersold features -- allows huge files to be copied in seconds. The iPod doesn't even have to leave the user's pocket.

And while the iPod has a built-in anti-piracy mechanism that prevents music files from being copied from one computer to another, it has no such protections for software.

Ironically, Microsoft has pioneered an easy-to-use installation scheme on the Mac that makes its Mac software relatively easy to pilfer. The company is known for its sometimes heavy-handed, anti-piracy mechanisms in such products as Windows XP.

When installing Office, users simply drag and drop the Office folder to their hard drive. Everything is included, including a self-repair mechanism that replaces critical files in the system folder.

By contrast, a lot of software on the Windows platform relies on a bunch of system files that are only installed during an installation process. Simply copying an application from one machine to another will not work.

Plus, getting a copy of the software application is only half the battle: most software won't work without a registration number. Usable serial numbers, however, are readily available on Usenet, IRC, Hotline and applications like Hacks and Cracks.

"This is the first we have heard of this form of piracy," said Erik Ryan, a Microsoft product manager. "And while this is a possibility, people should be reminded that this is considered theft."

While the iPod may be ideal for a software-stealing spree, there are a number of other devices on the market that could also be used by virtual shoplifters.

As well as any external FireWire drive, there are now a number of tiny key-chain drives that plug into computers' USB ports, like M-Systems' DiskOnKey and Trek2000's ThumbDrive.

Most key-chain drives work with both Macs and PCs. Some are available with up to one gigabyte of storage space. However, USB ports are a lot slower than FireWire, requiring the virtual shoplifter to hang around while the ill-gotten gains are transferring.

CompUSA and other computer stores could take a few simple steps to prevent software from being copied, said Mac expert Dave Horrigan, who writes a syndicated Macintosh column.

Any Mac can easily be configured to allow changes only by administrators, he said. Also, a system profile tool logs all peripheral equipment, but it must be running to log an iPod. For Macs running OS X, a locked dummy file in an application's package will protect the entire file from being copied without a password.

But Horrigan didn't think the iPod presents a serious piracy threat to Microsoft, and doubted the company would take special measures to prevent in-store copying.

"If Microsoft puts in protection it almost always screws up and causes problems for them or their legit users," he said.

Dennis Lloyd, publisher of iPod fan site iPodlounge, also said this is the first time he'd heard of an iPod put to such use.

"I can see how easy it would be to do," he said. "It's a shame someone has stooped this low to bring bad press to the insanely great iPod."

*==============================================================*
"Communications without intelligence is noise; Intelligence without communications is irrelevant."
Gen. Alfred M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.