Forwarded from: William Knowles <email@example.com>
[Just as Furbys were banned from the NSA, and security managers are
wondering how to treat palmtops from wandering off with a few MB's of
sensitive data, now Apple iPod's will be the next security threat to
be writing policy on and banning from the office. - WK]
By Leander Kahney
2:00 a.m. Feb. 28, 2002 PST
When Apple introduced the iPod, the company was aware that people
might use it to rip off music from the Net or friends' machines. Each
new iPod, in fact, is emblazoned with a sticker that warns, "Don't
But it is unlikely that Apple imagined people would walk into computer
stores, plug their iPod into display computers and use it to copy
software off the hard drives.
This is exactly the scenario recently witnessed by Kevin Webb at a
Dallas CompUSA store.
Webb, a computer consultant from Dallas, was browsing his local
CompUSA when he saw a young man walk toward him listening to an iPod.
Webb recognized the iPod's distinctive ear buds.
The teenager stopped at a nearby display Macintosh, pulled the iPod
from his pocket and plugged it into the machine with a FireWire cable.
Intrigued, Webb peeped over the kid's shoulder to see him copying
Microsoft's new Office for OS X suite, which retails for $500.
When the iPod is plugged into a Macintosh, its icon automatically pops
up on the desktop. To copy software, all the kid had to do was drag
and drop files onto the iPod's icon. Office for MacOS X is about 200
MB; it copies to the iPod's hard drive in less than a minute.
"Watching him, it dawned on me that this was something that was very
easy to do," Webb said. "In the Mac world it's pretty easy to plug in
and copy things. It's a lot easier than stealing the box."
Webb watched the teenager copy a couple of other applications. He left
the kid to find a CompUSA employee. "I went over and told a CompUSA
guy, but he looked at me like I was clueless," Webb said.
Unsure whether the kid was a thief or an out-of-uniform employee, Webb
watched as he left the store. "I thought there's no point in getting
any more involved in this imbroglio," Webb said. "Besides, this is
Texas. You never know what he might have been carrying."
CompUSA representatives didn't respond to requests for comment.
Neither did Apple officials.
The iPod is perfect for virtual shoplifting. It is designed as a
digital music player, but its roomy 5-GB hard drive can be used as
portable storage for all kinds of files, even the Macintosh operating
system. In fact, it can operate as an external drive, booting up a
machine and running applications.
The iPod's FireWire interface -- one of its most important but
undersold features -- allows huge files to be copied in seconds. The
iPod doesn't even have to leave the user's pocket.
And while the iPod has a built-in anti-piracy mechanism that prevents
music files from being copied from one computer to another, it has no
such protections for software.
Ironically, Microsoft has pioneered an easy-to-use installation scheme
on the Mac that makes its Mac software relatively easy to pilfer. The
company is known for its sometimes heavy-handed, anti-piracy
mechanisms in such products as Windows XP.
When installing Office, users simply drag and drop the Office folder
to their hard drive. Everything is included, including a self-repair
mechanism that replaces critical files in the system folder.
By contrast, a lot of software on the Windows platform relies on a
bunch of system files that are only installed during an installation
process. Simply copying an application from one machine to another
will not work.
Plus, getting a copy of the software application is only half the
battle: most software won't work without a registration number. Usable
serial numbers, however, are readily available on Usenet, IRC, Hotline
and applications like Hacks and Cracks.
"This is the first we have heard of this form of piracy," said Erik
Ryan, a Microsoft product manager. "And while this is a possibility,
people should be reminded that this is considered theft."
While the iPod may be ideal for a software-stealing spree, there are a
number of other devices on the market that could also be used by
virtual shoplifters. As well as any external FireWire drive, there are
now a number of tiny key-chain drives that plug into computers' USB
ports, like M-Systems' DiskOnKey and Trek2000's ThumbDrive.
Most key-chain drives work with both Macs and PCs. Some are available
with up to one gigabyte of storage space. However, USB ports are a lot
slower than FireWire, requiring the virtual shoplifter to hang around
while the ill-gotten gains are transferring.
CompUSA and other computer stores could take a few simple steps to
prevent software from being copied, said Mac expert Dave Horrigan, who
writes a syndicated Macintosh column.
Any Mac can easily be configured to allow changes only by
administrators, he said. Also, a system profile tool logs all
peripheral equipment, but it must be running to log an iPod. For Macs
running OS X, a locked dummy file in an application's package will
protect the entire file from being copied without a password.
But Horrigan didn't think the iPod presents a serious piracy threat to
Microsoft, and doubted the company would take special measures to
prevent in-store copying.
"If Microsoft puts in protection it almost always screws up and causes
problems for them or their legit users," he said.
Dennis Lloyd, publisher of iPod fan site iPodlounge, also said this is
the first time he'd heard of an iPod put to such use.
"I can see how easy it would be to do," he said. "It's a shame someone
has stooped this low to bring bad press to the insanely great iPod."
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
ISN is currently hosted by Attrition.org
To unsubscribe email firstname.lastname@example.org with 'unsubscribe isn' in the BODY
of the mail.
Received on Fri Mar 1 07:31 CST 2002