podslurping (slurping)

Podslurping (sometimes just called slurping) is the unauthorized download of data from a computer to a small device with storage capacity, such as a flash drive or an iPod or other MP3 player.

The small size of the devices and the ease of connectivity -- for example through the USB port or a wireless Bluetooth connection -- makes it possible for anyone who can get access to a computer to download files from it quickly and surreptitiously.

To illustrate the ease of podslurping, security expert Abe Usher created a proof of concept application called slurp.exe. Using the program on his iPod, Usher was able to copy all document files from his computer in 65 seconds. Usher now makes a version of his program for security audits that does not actually copy the files but generates a report of the information that could have been stolen in a real attack.

To protect against podslurping and other network intrusions targeting individual computers, experts recommend that administrators develop and enforce effective endpoint security policies.

This was last updated in March 2006

Continue Reading About podslurping (slurping)

Dig Deeper on Enterprise mobile security