iPods a security risk, warns complete idiot.

Uh, sorry Ryan, but I don't think the analyst is the complete idiot here.

USB devices are legitimate threats to the enterprise. As the article points out, the risk is two-way: sensitive data leaving and malicious or otherwise unapproved software entering. This is a very real liability, especially for those of us in regulated industries. (Industries, for example, that must even block, gasp, WEB MAIL!).

Here at work, we wrote a service that disables all USB devices that are classified as a drive to the OS. This includes flash drives, thumb drives, and devices like the iPod that otherwise show up as drives.

Britain's Ministry of Defense thinks they are a threat, too.

Really, though, I wonder if you even read the article. Yes, the threat is not exclusive to the iPod - but then the iPod is simply used as an *example* of such a device. The subtitle says it all: "Brief: Mobile storage devices could give thieves and hackers a back door into corporate networks".

Ryan says that floppies are also a risk, and he's right about that. The difference, of course, is that you can easily disable floppy drives. You can't (easily) do the same with USB unless you also want to disable that USB mouse and that USB keyboard..


blog comments powered by Disqus