Entries Tagged "flash drives"


Letter: Lexar JumpDrives

Recently I talked about a security vulnerability in Lexar’s JumpDrives. I received this e-mail from the company:

From: Diane Carlini

Subject: Lexar’s JumpDrive

@stake’s findings revealed a slight security exposure in scenarios where an experienced hacker could potentially monitor and gain access to the secure area. This was only the case in version 1.0 which included SafeGuard. Lexar’s JumpDrive Secure 2.0 device now includes software based on 256-bit AES Encryption Technology. With this new product, JumpDrive Secure 2.0 offers the highest level of data protection that is commonly available today.

Registered JumpDrive Secure customers will be contacted to inform them of this Security Advisory found in version 1.

I have no technical information, either from Lexar or @Stake, that verifies or refutes this claim.

Posted on November 5, 2004 at 9:53 AM

The Doghouse: Lexar JumpDrives

If you read Lexar’s documentation, their JumpDrive Secure product is secure. “If lost or stolen, you can rest assured that what you’ve saved there remains there with 256-bit AES encryption.” Sounds good, but security professionals are an untrusting sort. @Stake decided to check. They found that “the password can be observed in memory or read directly from the device, without evidence of tampering.” Even worse: the password “is stored in an XOR encrypted form and can be read directly from the device without any authentication.”

The moral of the story: don’t trust magic security words like “256-bit AES.” The devil is in the details, and it’s easy to screw up security.

Although screwing it up this badly is impressive.

Lexar’s product

@Stake’s analysis

Posted on October 1, 2004 at 9:45 PM
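
The stored-password flaw quoted in the Doghouse entry above, contrasted with a design that stores no recoverable password. This is an added example, not code from the original post, Lexar or @Stake; the fixed XOR key, the function names and the PBKDF2 parameters are assumptions, because the page gives no detail of the device's actual storage format.

```python
import hashlib
import hmac
import os

# Constructed for illustration: a fixed key shipped with the software.
# The real product's key and layout are not given on the page.
OBFUSCATION_KEY = bytes.fromhex("5a3cc3a5")


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. Applying it twice returns the input."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


# Weak design: the password itself sits on the device, merely obfuscated.
def weak_store(password: str) -> bytes:
    return xor_bytes(password.encode(), OBFUSCATION_KEY)


def weak_recover(stored: bytes) -> str:
    # No guessing needed: reading the stored bytes yields the password,
    # so the strength of the AES layer behind it is irrelevant.
    return xor_bytes(stored, OBFUSCATION_KEY).decode()


# Hardened design: store only a random salt and a one-way verifier.
def _derive(password: str, salt: bytes):
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    enc_key = hmac.new(master, b"encryption", hashlib.sha256).digest()
    verifier = hmac.new(master, b"verifier", hashlib.sha256).digest()
    return enc_key, verifier


def hardened_store(password: str):
    salt = os.urandom(16)
    _, verifier = _derive(password, salt)
    return salt, verifier  # the only values written to the device


def hardened_unlock(password: str, salt: bytes, verifier: bytes):
    """Return the 256-bit data key on a correct password, else None."""
    enc_key, candidate = _derive(password, salt)
    return enc_key if hmac.compare_digest(candidate, verifier) else None
```

With the hardened layout, someone who reads the device still has to guess the password, paying the full key-derivation cost for every attempt.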
