Bob ‘n Alice On Security

Helping to Avoid a False Sense of Security

SecuStick Gives a False Sense of Security

leave a comment »

Tweakers.net did a nice analysis of the SecuStick “secure USB flash drive”. Apparently the software application that is used to enter your password does the verification with the device. Then the software tells the device to unlock itself and allow decrypted access to your data. The Tweakers were able to almost trivially gain access to any encrypted data without knowing the user’s password.

http://tweakers.net/reviews/683/5/secustick-gives-false-sense-of-security-pagina-5.html

It’s another example of short-sighted engineering. When trying to protect critical data in a hostile world, vendors need to be much more thorough in their design and threat modeling.

As always, stay safe and avoid a false sense of security.

Advertisements

Written by Alice

October 4, 2008 at 02:53

Posted in SecuStick

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: