Did your management team opt for a less expensive alternative to IronKeys? If so, its unfortunately time to re-visit that decision. Kingston, SanDisk, and Verbatim all have a vulnerability that allows unauthorized access to password protected, FIPS certified, AES 256-bit encrypted data on their USB thumb drives.
“Cracking the drives is therefore quite simple. The SySS experts wrote a small tool for the active password entry program’s RAM which always made sure that the appropriate string was sent to the drive, irrespective of the password entered and as a result gained immediate access to all the data on the drive. The vulnerable devices include the Kingston DataTraveler BlackBox, the SanDisk Cruzer Enterprise FIPS Edition and the Verbatim Corporate Secure FIPS Edition.” – H-online
The good news is that IronKey is not vulnerable. IronKey will host a webinar on this topic on Wednesday, January 13, 2010 at 10:00am PST, and Rook team members have been accessible 24/7 to address current and future client concerns about this issue. Please don’t hesitate to call us at 888.712.9531.
IronKey’s responses:
Youtube:
IronKey responds to encrypted USB hack
Webinar: https://ironkeyevent.webex.com/ironkeyevent/onstage/g.php?d=665879884&
Call us at 888.712.9531, email info[at]rookconsulting.net, or keep up-to-date on critical issues, alerts, and intelligence by following us on Twitter and subscribe to Rook Insight to receive real-time Insight Intelligence Alerts via email.
Related posts:
- JUNOS Kernel Crash Exploit Released
- ISC2 Visitors: Change Mgmt Tips Download
- 2010 IT Risk Outlook Coming Soon
No comments yet
No comments yet.
RSS feed for comments on this post. TrackBack URL
Leave a comment