Bob ‘n Alice On Security

Helping to Avoid a False Sense of Security

SanDisk Enterprise Cruzer Secure USB Flash Drive Vulnerability

with 2 comments

Wow, Bob has found a second secure flash drive that suffers from a major autorun vulnerability. A new PDF details this new SanDisk Enterprise Cruzer vulnerability. The trust we can place in the SanDisk Enterprise Cruzer (and the OEM’d Kingston Data Traveler Elite Privacy Edition) is now as strong as the trust we can place in the supply chain.

What was the name of the delivery guy that brought that box of shiny new Cruzers to the office? Hope he couldn’t be convinced to let someone alone with that box for a few hours…. If that someone was hostile, the network might have a new, uninvited user – or worse.

Heck, even if the supply chain is rock solid, a hostile outsider could leverage an organization’s use of the SanDisk Cruzer to penetrate their defenses by planting a malware-infected device in any number of ways. In this way, the trust placed in the device makes it more of a danger to the organization than if it were untrusted.

As always, stay safe and avoid a false sense of security.

Advertisements

Written by Alice

February 18, 2009 at 21:27

2 Responses

Subscribe to comments with RSS.

  1. Is this just autorun, or is it a vulnerabiltiy that extends to software on the drive generally?

    Justin

    March 10, 2009 at 06:09

  2. […] This calls to mind a previously detailed SanDisk Cruzer Enterprise secure USB flash drive vulnerability. […]


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: