Re: [ISN] iPod is latest security risk for business, say analysts

From: InfoSec News (isn@private)
Date: Thu Jul 08 2004 - 03:50:56 PDT

Forwarded from: Richard Forno <rforno@private>

Obviously the person writing this advisory isn't a security person nor
had much experience in the real world of operational IT business life.  
I also wonder where this person has been for the last several
years....portable storage devices are hardly a "new" security concern.

Let's not forget that floppy disks and CDs still come-and-go freely in
many organizations, and I've encountered only a handful of enterprises
that block known (and actively seek out unknown) webmail account
providers that otherwise serve as a nice conduit to "bypass perimeter
defenses."  And that's just for starters.

If one takes this fellow's guidance to its logical conclusion,
companies need to either get rid of all computers, get rid of all
employees, or strip-search everyone as they come and go each day.
While that definitely increases security, methinks it 'might' -- just
might -- kill productivity. :(


> From: InfoSec News <isn@private>
> Reply-To: isn@private
> Date: Tue, 6 Jul 2004 04:52:37 -0500 (CDT)
> To: isn@private
> Subject: [ISN] iPod is latest security risk for business, say analysts
> [Gartner rehashing old ISN posts?
>  :)   - WK]
> By Andrew Donoghue
> July 06 2004
> Companies should consider banning portable storage devices such as
> Apple's iPod from corporate networks as they can be used to
> introduce malware or steal corporate data, according to an analyst.
> Small portable storage products can bypass perimeter defenses like
> firewalls and antivirus at the mailserver, and introduce malware
> such as Trojans or viruses onto company networks, claimed analyst
> house Gartner in a report issued this week. Analysts have warned for
> some time of the dangers of using portable devices, but the report
> points out these also now include "disk-based MP3 players, such as
> Apple's iPod, and digital cameras with smart media cards, memory
> sticks, compact flash and other memory media."

Help InfoSec News with a donation:

This archive was generated by hypermail 2.1.3 : Thu Jul 08 2004 - 05:22:35 PDT