Letter: Lexar JumpDrives
Recently I talked about a security vulnerability in Lexar’s JumpDrives. I received this e-mail from the company:
From: Diane Carlini
Subject: Lexar’s JumpDrive@stake’s findings revealed a slight security exposure in scenarios where an experienced hacker could potentially monitor and gain access to the secure area. This was only the case in version 1.0 which included SafeGuard. Lexar’s JumpDrive Secure 2.0 device now includes software based on 256-bit AES Encryption Technology. With this new product, JumpDrive Secure 2.0 offers the highest level of data protection that is commonly available today.
Registered JumpDrive Secure customers will be contacted to inform them of this Security Advisory found in version 1.
I have no technical information, either from Lexar or @Stake, that verifies or refutes this claim.
Israel Torres • November 5, 2004 10:22 AM
Diane’s attempted downplay in the letter by explaining “…findings revealed a slight security exposure in scenarios where an experienced hacker could potentially monitor and gain access to the secure area.” is enough to know that there “potentially” may be more “slight” exposures in the future that will be handled with the same ignorance as they did in their initial non-response.
Fool me once, shame on you… Fool me twice shame on me…
Israel Torres