52 Comments
- goodespeler, on 10/12/2007, -2/+4 lameass program, i can whip up an .exe that does this in 10 minutes with a few lines of python. the real question is, does anyone want me to do this?
------------
Can you whip up a mirror of the website instead? Thanks. ;)
- kenwestin, on 10/12/2007, -0/+1 Mach 5, exactly. I think that is the point of the application to show the potential threat and just how easy it is to extract data from a system using unprotected ports.
- mogebier, on 10/12/2007, -0/+1 We killed the link already.
But isn't that what thumb drives were invented for?? Stealthily stealing stuff??
Companies just popularized them as easy storage devices.
- deathpasser, on 10/12/2007, -0/+1 He apparently is now only wanting you to download 2.0 (but it's still easy to get around this and get the old one)
So I downloaded it, and it didn't work too well. Apparently, since he's using 'Documents and Settings' as the file from where it starts off (and it has a max limit of 200) it downloads a bunch of relatively irrelevant stuff (in terms of information "stealing"ness from corporations). But it's just a proof of concept, not a skiddie tool, and that was probably done just to prevent it from falling into the wrong hands so Digg+
- lateralus, on 10/12/2007, -0/+1 Just don't download slurp.mov, totally different context.
- deathpasser, on 10/12/2007, -0/+1 Apparently he altered the file that you download now (slurp 2.0 or something). But if you look closer you can still see the actual proof of concept...version 1.0. I don't know why he'd change it, 1.0 is pretty useless as a skiddie tool anyways, it's got a max file limit and also it has the areas it's searching pre-selected.
- kenwestin, on 10/12/2007, -0/+1 You can download it here as well:
http://tinyurl.com/8oqu3
- Sithlrd, on 10/12/2007, -0/+1 Real industrial espionage experts don't have to resort to such weak ass things as hardware USB keys.
- RoyHobbs, on 10/12/2007, -0/+1 "Please someone make the program that will detect, list, and copy any of the files (doc, xls, ppt, pst, pdf) etc and post it up.
Thanks!"
xcopy .doc .xls .ppt .pst .pdf
- winkydo, on 10/12/2007, -0/+1 this just means that all the companies toying with SOX will just add the tools to block usb pen drives from working and/or keep a list of files copied and logged on user...
- kenwestin, on 10/12/2007, -0/+0 Probably depends on whose computer you plugged something like this into. Not much point if it's grandma's computer and you lift all of her pie recipes, but how about the CFO's system or systems in a Credit Union that have access to customer data....
- jeremy66158, on 10/12/2007, -0/+0 16 July 2005 www.newscientist.com
Syd Curtis Hawthorne, Queensland, Australia
Can't we turn this to positive use? It seems to offer a safe and very fast back-up. Spend 65 seconds a day copying all your files - ideally onto two iPods alternately - and you can keep all your data separate from your main computer and thus absolutely immune to hackers and other disasters.
Choose the correct alternative:
1. According to the text, the term "pod-slurping" is related to:
a) storing information in computers.
b) robbing people of their iPods.
c) plugging new kinds of devices into computers.
d) deleting important programs.
e) stealing companies' data which are stored in computers.
- MiniZ, on 10/11/2007, -0/+0 im looking for the first generation program of slurp.exe... if anyone has, please send it to f4zenet@gmail.com... thanks
- kenwestin, on 10/12/2007, -0/+0 Here is a link to the DeviceWall product mentioned earlier http://www.devicewall.com
- drycounty, on 10/12/2007, -0/+0 hmmm, great idea, but I cannot get it to work, even after decompressing everything onto my thumb drive.
I'm on an XP Home machine with few .doc documents in my home folder. Know if this works on XP Home?
- Anth, on 10/12/2007, -0/+0 I don't get it, the device is running the software or the PC?
- inactive, on 10/12/2007, -0/+0 Useful for moving stuff without much effort, useless for stealing top secret info.
- kenwestin, on 10/12/2007, -0/+0 Syd, very good point. Sometimes you do need to let select employees have access to these devices in order for them to do their job. This is why just locking down ports in the bios is not the best solution. There are software products like DeviceWall that allow an administrator to provide access to certain devices to certain employees, provide read or write access and even audit what is downloaded.
- bmmccarthy, on 10/12/2007, -0/+0 Rename your files what you want. I bet slurp could be modified easy enough to download anything. Better to prevent the device connecting in the first place.
- Mach5, on 10/12/2007, -1/+1 lameass program, i can whip up an .exe that does this in 10 minutes with a few lines of python. the real question is, does anyone want me to do this?
- shocktech, on 10/12/2007, -0/+0 Please someone make the program that will detect, list, and copy any of the files (doc, xls, ppt, pst, pdf) etc and post it up.
Thanks!
- ravi., on 10/12/2007, -0/+0 hmm start renaming pr0n files to doc/xls :o
- Tweekster, on 10/12/2007, -1/+1 I would like to remind people that most "secret" valuable business documents really have no value to ANYONE else.
corporate espionage is just too risky for another company to fully engage in. and secondly, most of the time those super secret documents are useless to everyone else.
they may be valuable to the company, but that value ends when it leaves the building
- goodespeler, on 10/12/2007, -0/+0 You can download it here as well:
http://tinyurl.com/8oqu3
----------------
This only generates a report of documents but does not actually copy them. I want one that copies them for testing.
- kenwestin, on 10/12/2007, -0/+0 I am using XP Pro and it works, it creates a report file
- deathpasser, on 10/12/2007, -0/+0 "This only generates a report of documents but does not actually copy them. I want one that copies them for testing."-goodsepeler
It's just a proof of concept and it is relatively useless, you'd be better off coding your own. But if you do want to see the unmolested v1.0 of this thing, I've uploaded here (under the assumption that there is no copyright restrictions and crap):
http://www.yourfilelink.com/get.php?fid=11096
- QuikSilvr, on 10/12/2007, -0/+0 This would be good on a high school computer
- bmmccarthy, on 10/12/2007, -0/+0 Here you go: These hilarious stickers will help prevent someone from stealing data
http://www.centennial-software.com/programs/sticker_order/?src=digg
- BigJuiceMan, on 10/12/2007, -0/+0 now if only I could change it to grab *.mp3
- nugget, on 10/12/2007, -0/+0 also with usb storage devices you could inject a new virus into the company network, which is just as lethal, or a backdoor. And with my school's old windows based systems you could log in as guest and had access to what you did if you logged into it using your personal account except for the network storage. So we could have easily introduced a backdoor/trojan/virus and take down the entire network which everything was connected to the highschool so if we took the HS down, everything else went down and they had to redirect everything to the middle school but that never had a complete backup of everything.
- kenwestin, on 10/12/2007, -0/+0 Actually not as obvious to some as it should be, considering the number of data thefts in the news lately. Not just with USB and removable devices, but just a general endpoint security strategy in general.
- wurstchen, on 10/12/2007, -0/+0 I think the concept in the article is quite valid, and those that say that the issue is moot may not be seeing the whole argument. When a temporary worker comes on-site to work at your office location, they get a keycard and network access. Who are these people? Just because you let them in the front door to do some contractual work, should they always be reading and writing to the network? I had to laugh when I was in my financial services company office, rolling over a fund to them. I wanted to use their PC to look up my account (basically surf the Web), but my rep wouldn't allow me to do so for security reasons. However, this same rep left me in his office unattended for 1 hour while I filled out forms, his USB drive staring me in the face. Hmm, okay, so I can't use your PC to look something up, but had I had a flash drive, I could've downloaded who knows what. Think the risks aren't there? Think again.
- peerk, on 10/12/2007, -0/+0 I made something like this except it was for backups.
I worked at a place where a lot of users would have documents scattered all over. So the program searched for files with the extensions that needed to be backed up.
- sofa0ne, on 10/12/2007, -0/+0 I understand it is/was intended to be a proof of concept, but that doesn't replace the fact that a proof of concept already existed.
I also didn't miss the point, I saw it years ago.
Isn't it pretty obvious, and considered common knowledge that most peripherals be it USB or any other can be exploited and used in data theft, and/or other malicious exploits?
- sofa0ne, on 10/12/2007, -0/+0 Couldn't you just make a cmd file?
[ xcopy "c:documents and settings*.txt" . /S /G /Q /Y ]
Disabling USB, locking the case might be one way... but I am sure there are other methods that would only allow existing USB drivers/attachments to work.
Ultimately if someone has un-supervised access to a box, anything can happen.
- sofa0ne, on 10/12/2007, -0/+0 that dropped a slash but you get the idea...
- kenwestin, on 10/12/2007, -0/+0 Disabling USB ports really isn't the answer as you may have some employees in your company who need to use a particular device. The nice thing about using existing software to manage endpoint security is that you can provide granular access to specific devices to specific employees. Say you want your web developers to listen to read from their iPods, or memory sticks, but not write to it (say if you have a policy about downloading music at work), this allows them to listen to their music and complying with a company and ensuring that nobody is downloading data they shouldn't. The Sony root-kit issue is another example, since software like DeviceWall also allows you to disable CD-ROM drives, then you don't need to worry about root kits finding their way into their network simply because a receptionist unknowingly installed one by just putting a new CD they bought.
I don't think this is supposed to be a fully working product, but instead a proof of concept. You folks complaining that you could write this in 10 minutes etc are missing the point. The fact that an application like this is simple in its design, yet can cause serious problems for a company if customer data or intellectual property is stolen. The fact that something like this is so easy to write, really pushes the point home that most networks are not secure, sure you spend lots on your perimeter, anti-virus, spam filter, spyware etc, but then wham just plug in USB device, access the company network drives, no hacking needed. I don't think you have to look too far to see the number of data theft occurrences, it seems a new headline is popping up every day. The majority of these security breaches are not happening from people being hacked from outside their network, but by internal employees and contractors helping themselves to company data.
- chrono13, on 10/12/2007, -0/+0 "And with my school's old windows based systems you could log in as guest and had access to what you did if you logged into it using your personal account except for the network storage. So we could have easily introduced a backdoor/trojan/virus and take down the entire network which everything was connected to the highschool so if we took the HS down..."
So far we are hypothetical.
"everything else went down and they had to redirect everything to the middle school but that never had a complete backup of everything."
And now we switch to past tense. I'm guessing you never actually did this. Someone may have, but it wasn't you. They had to redirect everything? And you know that the backups were incomplete because it actually happened?
Then why were you running this whole story as a hypothetical for the first 3/4 of it?
- kenwestin, on 10/12/2007, -0/+0 Site is back up
- dyergin, on 10/12/2007, -1/+0 Since that link is already dugg to death, here's an alternate: http://lwn.net/Articles/140001/
- nugget, on 10/12/2007, -1/+0 yay I can see my posts again!!!
- erhead, on 10/12/2007, -1/+0
1. no working copy of the program - produces an html list of docs
2. not user configurable to search the drive in other places, or the entire drive, or for other drive letters
3. could be easily replaced by any script file (you could even write one in notepad as a batch file; i.e., copy.bat) and run by the autorun.inf file. in other words, even an idiot could write this on his own
4. was actually written back in june of last year
5. do i really need to go on?
this useless crap keeps getting onto major headlines. this is the reason other major news sources don't take user-submissions - they're generally useless, outdated artifacts, are rarely news-worthy, and almost never technical. This is the type of story that makes me take a second look at other news sites. I don't have to wade through useless crap like this just because some luser wanted to be the first one to post a new link on digg.
blah. no digg.
- DASH, on 10/12/2007, -1/+0 Dead Link
- TKDWILSON, on 10/12/2007, -1/+0 "lameass program, i can whip up an .exe that does this in 10 minutes with a few lines of python. the real question is, does anyone want me to do this?"
Please!!!!!!!! TKDWILSON@GMAIL.com of course you will have to remove the extension to email it. I would love this and would be willing to trade whatever I have that you want for it. Email me if you want. Thanks.
Eric Wilson
- jabfish, on 10/12/2007, -1/+0 cause you can setup limited accounts that disable driver-installs, setup a bios password, disable booting off of floppys/cdroms/usb, and disable autorun/autoexec of any removable media?
takes a lame admin to phear this *****..
- n3tfury, on 10/12/2007, -1/+0 wouldn't mean a hill of beans on a real corporate network.
- Wrathernaut, on 10/12/2007, -3/+1 WinKey + F, *.doc, *.txt *.xls ... on Local Drives *Search*
Ctrl+A -> RightClick -> SendTo -> "USB ThumbDrive" E:
Who needs a program to do that? The search can even run in the background, eliminating the time required to have your USB drive visible.
No Digg.
- will-rom, on 10/12/2007, -2/+0 lame...
- jeremy66158, on 10/12/2007, -2/+0 The guy who posted this should have said it was written as a non-working program on purpose. It was made only to test the concept! If you need to steal people's docs try to find a better source than digg! Not to mention it is old news.
- HebrewHammer, on 10/12/2007, -3/+0 um duhh
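
Several commenters above name endpoint mitigations: blocking USB storage, disabling autorun for removable media, and allowing reads from a device but not writes. As an added example that is not part of the original thread, here is a small audit of those three standard Windows registry settings against a `.reg` export; the function names and the sample export are constructed for illustration.

```python
import re

# Each check: (registry key, value name, predicate on the DWORD, what a pass means).
CHECKS = [
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR",
     "Start", lambda v: v == 4, "USB mass-storage driver disabled"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer",
     "NoDriveTypeAutoRun", lambda v: (v & 0xFF) == 0xFF, "AutoRun disabled for all drive types"),
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies",
     "WriteProtect", lambda v: v == 1, "removable storage is read-only"),
]

def parse_reg_export(text):
    """Parse .reg export text into {key_lower: {value_name_lower: int}} (DWORDs only)."""
    data, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = data.setdefault(section.group(1).lower(), {})
            continue
        value = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
        if value and current is not None:
            current[value.group(1).lower()] = int(value.group(2), 16)
    return data

def audit(text):
    """Return [(description, status)] with status PASS, FAIL or MISSING."""
    data = parse_reg_export(text)
    results = []
    for key, name, is_hardened, description in CHECKS:
        value = data.get(key.lower(), {}).get(name.lower())
        if value is None:
            status = "MISSING"  # value absent from the export: policy not configured
        else:
            status = "PASS" if is_hardened(value) else "FAIL"
        results.append((description, status))
    return results

# Constructed sample export: USB storage still enabled (Start=3), AutoRun off,
# no write-protect policy present.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
"""

if __name__ == "__main__":
    for description, status in audit(SAMPLE):
        print(f"{status:8} {description}")
```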