Sharp Ideas, LLC
New proof-of-concept application demonstrates how quickly and easily an insider can utilize USB-enabled devices to steal data
Arlington, VA - January 25, 2006 - Sharp Ideas, LLC, an information technology consultancy that specializes in testing and creating cost-effective IT security solutions, today announced the release of Slurp Audit - a second generation proof-of-concept application designed to demonstrate how easy it is to steal corporate data with portable storage devices (such as iPods, PDAs and USB Sticks). The application was designed to raise awareness within the corporate community about the risks associated with unmanaged portable storage devices in the workplace.
“Many of todayâ€™s businesses havenâ€™t grasped the severity of risks associated with unmanaged portable storage devices on a corporate network,” said Abe Usher, Founder of Sharp Ideas, LLC. “Slurp Audit was created to show how easy it is to steal large amounts of data from corporate PCs using mobile devices like iPods, and it reinforces the fact that organizations desiring comprehensive security must have strategies in place that address the endpoint.”
What is Slurp and how does it work?
Slurp.exe was originally created in June 2005 as a proof-of-concept application for automatically downloading data from a networked PC to an iPod. Upon its release, the issue quickly became known as â€˜PodSlurping,â€™ which raised corporate awareness around data theft (and has since moved beyond iPods to encompass all portable storage devices). By simply connecting a device running Slurp to a PC via USB, firewire or Bluetooth, the â€˜PodSlurpingâ€™ application enables a device to quickly copy (in less than two minutes) all business documents (.doc, .xls, .ppt, .htm, .xml, .txt, etc.). The latest version of Slurp ” Slurp Audit ” does not allow users to actually download files, but instead generates an HTML report showing users what files would be stolen via a USB device had the download occurred.
These applications are not designed for use by hackers and should be considered similar to network vulnerability tools for assessing the state of endpoint security within an organization. To reinforce Slurpâ€™s viability as an assessment tool, Slurp.exe was purposely limited in the number of files it could copy and time it could run to deter its use by hackers.
Strategies for controlling the endpoint
The proliferation of portable storage devices in the workplace has created a security nightmare for IT managers trying to ensure the integrity of corporate data. Disgruntled employees or consultants now have the ability to quickly download customer lists or proprietary data in a matter of minutes.
As a consequence, IT managers need to establish an acceptable use policy that outlines what devices can and canâ€™t be used in the work environment, and select an appropriate application for enforcement. Complete PC lockdown is not the answer. Organizations should strive to allow the legitimate use of approved devices by authorized staff, ensuring that business productivity is not affected, while actively guarding against the removal of data by unauthorized parties. With large security providers focusing mainly on the network perimeter, new applications have hit the market from specialized security software vendors that focus on the endpoint.
For additional information on endpoint security strategies and for product suggestions, please visit
About Abe Usher
Abe Usher is the founder of Sharp Ideas, LLC, an information technology consultancy that specializes in testing and creating cost-effective IT security solutions. He is an accomplished security expert who has been cited by numerous publications including Wired Magazine, Network World and New Scientist Magazine. Usher is the developer of Slurp.exe, a proof-of-concept application for portable storage devices. He holds a Masterâ€™s degree in Information Systems and is a Certified Information System Security Professional (CISSP). Usher participates in the Information Systems Security Association (ISSA) and Information Assurance Technology Framework Forum. He is also a member of American Mensa.
About Sharp Ideas, LLC
Sharp Ideas is an information technology consultancy that specializes in testing and creating cost-effective IT security solutions to meet the needs of professionals in the medical services, law and real estate fields. The company was founded by Abe Usher, an information security systems expert with more than 10 years experience designing, building and managing secure systems with high availability. For more information on Sharp Ideas or Abe Usher, please visit www.sharp-ideas.net.